System and method for optimizing a facial recognition-based system for controlling access to a building

ABSTRACT

Systems and methods are provided for controlling access to a building or other restricted physical spaces using at least a facial recognition module, an access control panel and electronically lockable doors or other means of controlling access. The facial recognition module comprises visible light and IR detection. The facial recognition module initially uses visible light to detect a person in the vicinity of an access control location, defines a region of interest in at least a captured image related to the location of the person&#39;s face, tracks the movement of the face and adjusts the region of interest, and performs facial recognition by prioritizing analysis of the defined region of interest.

INCORPORATION BY REFERENCE TO ANY PRIORITY APPLICATIONS

Any and all applications for which a foreign or domestic priority claimis identified in the Application Data Sheet as filed with the presentapplication are hereby incorporated by reference under 37 CFR 1.57.

BACKGROUND OF THE INVENTION Field of the Invention

Controlling access to buildings is an old problem. Castles once haddrawbridges and moats. Guards, armed or otherwise, have been posted atdoors for centuries. These approaches can be effective, but come at asignificant cost. As with most other forms of security, there weretradeoffs between efficiency (ease of ingress and egress) and security.

In the context of a modern business that may have thousands ofemployees, more sophisticated tools are required. For several decades,many businesses have used badge-based access control systems. The leastsophisticated of these still rely on a human to check for and makedecisions about whether to admit or deny based on a visual appraisal ofbasic badge, generally by checking the “headshot” photograph on thebadge against the physical appearance of the person wearing it. Thisapproach obviously requires a human guard at each entrance.

More technically sophisticated access control systems use electronicallylockable doors, and some form of machine-readable coding on the badgescarried by employees, each of which generally contains a uniqueidentifier for each badge. Such coding may take the form of a magneticstrip, a chip, or another form of RFID or other technique for encoding aunique identifier. When an employee (or other person with an ID)attempts to enter a controlled-access building (or a limited-access areawithin a building), the coding on the badge is read by the appropriateequipment (such as a “swipeable” card slot, or an antenna), and theunique identifier associated with the badge is generally transmitted toa access control panel that contains, at minimum, a database of badgeidentifiers. If the badge being used is associated with permission tothe space controlled by the electronic lock, the access control panelsends an “unlock” signal to that door to enable to badge holder toenter; if not, the door does not unlock. (Additional steps might also betaken, such as triggering an alert.)

Badge-based systems are widely used, but have a number of drawbacks.When used alone (an approach widely characterized as single-factorauthentication), they can be compromised by cards that have been stolen,borrowed or counterfeited. They also create the opportunity for asecurity risk known as “tailgating”. People tend to reflexively makepolite gestures like holding a door open for those walking behind them.Bad actors may use such instincts as a means to circumvent securitysystems. Such exploits are so common that they have a name: deception tomanipulate individuals into giving others access to or divulgingconfidential or personal information that may be used for fraudulentpurposes is generally known as “social engineering.” Tailgating, aspecific and physical form of social engineering, is difficult toprevent with such access control systems. (Tailgating may also includethe situation in which an unauthorized entrant follows a permittedentrant into a space without the permitted entrant even noticing.)Posting a human guard at each access point reduces, but does noteliminate the risk. It also substantially increases the cost of thesecurity regime—in terms of the financial cost of the guards, of course,but also the frictional effects of forcing each potential buildingentrant to interact with the guards. That requirement slows the process,and can cause significant queuing at peak times of day, resulting inannoyed workers and lost productivity.

An alternative approach that has been used to a limited extent isbiometric verification. Technologies like fingerprint readers and irisscanners have been deployed in high-security environments such as datacenters, secret government facilities, etc. Even where such technologiesoffer strong security, they have significant drawbacks that generallymake them undesirable for broader applications. In addition to the costsof the hardware required to scan eyeballs and/or read fingerprints, thehardware to enroll people in the system and the computer systemsnecessary to store, process and make decisions based on the collectedbiometric information, both systems require that each person seekingentrance to the access-controlled area have a significant,time-consuming interaction with that system, including the firstenrollment phase, which may be very long. This may be an acceptabletradeoff for a highly secure facility accessible to a small number ofpeople. But the costs are likely too high for higher-volumeapplications.

An increasingly prevalent form of biometric verification is facialrecognition. Facial recognition generally uses one or more digitalcameras or sensors to capture one or more images, which are used togenerate a digital file containing data about a person's face. Imageprocessing software uses this data to perform analysis to detect facialfeatures and to determine attributes such as distances between differentfacial features, description of those facial features and the shape ofthe head. Algorithms running on one or more processors then uses thisdata to compare the captured face to one or more faces that have beenpreviously analyzed to estimate the probability that they are the sameperson.

Facial recognition is now being used as a security method for somesmartphones.

The quality of cameras or sensors and the speed of the processorsdeployed in phones have rapidly improved, enabling early forms of imagerecognition. However, many early approaches could be fooled by, forexample, holding a photograph of a person in front of the camera. In anattempt to compensate, some newer smartphone-based recognition systemsrequire the user to perform a task such as change facial expression ormove or change orientation to provide evidence that what is beingobserved is a living person and not just a picture.

Another form of facial recognition is to generate a depth map based onstereoscopic vision, relying on the differences in two simultaneousimages captured by two different cameras or sensors separated by adistance.

Some more recent devices employ a more sophisticated approach called“structured light”. Structured light is the process of projecting aknown pattern, such as a grid of lines or dots onto the object, such asa face, to be analyzed. Such patterns may be projected with a laser,which could use visible light, infrared light, or another signal. Acamera or sensor in turn records the shape of the grid as seen on thesurface of the object. When such a grid is projected onto a flat surfaceperpendicular to the projector, the grid is unaltered. But when such agrid is projected onto more complex shapes, the deformations in the gridcreated by the uneven surfaces allow machine vision systems to calculatethe distance of those grid points from each other in 3 dimensions, andthus to model the shape of the object.

Measuring the time of flight is another way to generate a depth imagewith a projector and sensor. This technology is based on the fact thatthe speed of light is a constant. The emitted light travels to an objectand is reflected back to the sensor. Measuring the time in between theprojector emission and reception of the light back on the sensor allowan estimate of the traveled distance.

Thus, for example, one popular smartphone that uses this approach, theiPhone X from Apple, may both measure time of flight for some purposes,and project thousands of points using an infrared laser projector,allowing it to read the resulting grid as overlaid on a face using aninfrared sensor.

This is a relatively simple use case for facial recognition in severalways. First, high-end smartphones now have high-resolution cameras builtin, as well as processing power and memory that only expensive computerworkstations featured only a few years ago. A few smartphones eveninclude infrared emitters and sensors. Users also tend to help theprocess by holding the phone fairly close to their faces, with thecamera and/or other sensors pointed in the proper direction. And perhapsmost important, in the ordinary case, the number of entries in thedatabase of faces authorized, and thus stored for comparison purposes,is one. Together, these factors simplify and speed up the task.

There have been attempts to apply facial recognition to access control.However, there are a number of challenges in this context. The libraryof faces of approved people can number in the thousands or more.Matching a new image to the correct identity can require significantprocessing power and system memory. Determining a reasonable degree ofcertainty that the new image of a person seeking entry is not a matchwith one of the people already in the database is also computationallyexpensive. Because those resources have until recently been quiteexpensive, such systems have generally required that the sensing unitslocated at access points be networked to a central computer. Suchtopologies can be expensive to install and maintain. They also havetended to introduce sufficient lag time that queuing can become inissue.

Existing systems also tend to require that a person seeking admittancestand still in a specific location and look directly toward a specificlocation usually at one or more cameras or sensors. They also tend towork only under controlled lighting conditions.

Current solutions in the secure access control industry can be spoofedor require human interaction. Many methods are currently available,including, but not limited to badging, iris scan, fingerprint scan, PINcode or phone access using Bluetooth or NFC. Some of those solutions arevery secure but require additional interactions from the user, whileother lacks security at its core.

In contrast, what is proposed below enables instantly secure, spoof-freeauthentication based on 3D facial reconstruction and AI. The tech isenvisioned to replace the ubiquitous badge readers by the doors andeventually make its place to other areas like integrating into medicaldevices or ATM one/two factor authentication. It is a fast andfrictionless method of identifying securely a user with no additionalinteraction. In some embodiments, Deep learning is used to train foreach new user so the experience is transparent.

Thus there is a need for a building security system that maximizessecurity (by preventing or substantially reducing the risk of improperentry), while minimizing cost (by reducing the need for expensive humanguards and reducing friction and waiting for those who are desiredentrants to the building). Ideally, such a system would be easilyintegrated into an existing building security system.

SUMMARY OF THE INVENTION

In one embodiment, the invention comprises a compact module thatincludes a visible light (RGB) camera, a plurality of infrared sensors,an infrared projector, a processor, and memory. It also includes meansfor communicating with an access control panel.

In another embodiment, the invention also comprises means for directlycontrolling access by transmitting a signal to lock or unlock a door.

In another embodiment, the invention also comprises means for autonomousoperation of a module without communication with a remote server.

In another embodiment the invention also comprises a badge reader orwireless means of reading a badge or token, such as by using Bluetooth.

In another embodiment, the invention enables single or multiple-factorauthentication.

In another embodiment, the invention comprises methods for connectingand communicating between multiple modules and entry points.

In another embodiment, the invention comprises additional componentsthat can detect tampering with the system.

In another embodiment, the invention also comprises systems and methodsfor re-configuring hardware interfaces with other access controlsystems.

In another embodiment, the invention also comprises methods forrecognizing authorized entrants without requiring them to alter thenormal process of entering a space as if access was not controlled.

In another embodiment, the invention also comprises methods forassociating a user's face with an alternate identifier such as a badgenumber.

In another embodiment, the invention also comprises methods fordetecting and preventing unauthorized persons from entering a controlledspace by following an authorized person.

In another embodiment, the invention comprises techniques forrecognizing a face when captured images of that face are partiallyblocked or occluded.

In another embodiment, the invention also comprises methods for usingrelated interactions with the system to improve accuracy.

In another embodiment, the invention also comprises using a combinationof RGB image data and 3-dimensional imaging data to detect spoofing.

In another embodiment, the invention comprises methods for identifyingpeople who attempt to enter a controlled space using an improper badge.

In another embodiment, the invention comprises methods for enablingguest access under certain conditions.

In another embodiment, the invention comprises methods for determiningthe number of occupants in a building and enabling coordination of thosedeterminations with emergency systems.

In another embodiment, the invention also comprises systems and methodsfor coordinating and sharing data regarding authorized entrants acrossmultiple devices and multiple entry points.

In another embodiment, the invention also comprises systems and methodsfor detecting whether a person in the vicinity of an entry point intendsto enter.

In another embodiment, the invention also comprises systems and methodsfor determining, in the case of a location with a plurality ofseparately controlled entry points, which of those entry points a userseeks to enter.

In another embodiment, the invention comprises a method for provisioningnetworked devices equipped with cameras by presenting configurationinformation to the devices in the form of barcodes or another codedgraphic format.

In another embodiment, the invention also comprises systems and methodsfor increasing efficiency of identifying authorized persons.

In another embodiment, the invention also comprises systems and methodsfor clustering similar facial images in order to improve matchingaccuracy.

In another embodiment, the invention also comprises systems and methodsfor improving the acceptance of the system by gamifying themachine-human interaction

In another embodiment, the invention offers the ability, through a“slider” control or similar user-adjustable method of representinglevels of certainty in a user interface, to make the system either moreaccurate by lowering false positives and false negatives, or moving toless friction by sticking with single-factor facial recognition withslightly lower accuracy.

In another embodiment, the invention also comprise a method tosemi-automate an annotation process.

In another embodiment, the invention offers a recognition method whichdoes not request preliminary enrolment of the user.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a system of controlling access to a building or otherrestricted area using technology common in the prior art.

FIG. 2 is a flowchart illustrating the steps involved in validating andadmitting an approved badge holder in the prior art.

FIGS. 3a, 3b, and 3c show multiple images of a possible embodiment of afacial recognition module according to the present invention.

FIG. 4 is a high-level block diagram of a facial recognition moduleaccording to the present invention.

FIG. 5 is a more detailed block diagram of a facial recognition moduleaccording to the present invention.

FIG. 6 illustrates a system of controlling access to a building or otherrestricted area using an aspect of the present invention.

FIG. 7a is a high-level diagram of an access control system using anaspect of the present invention.

FIG. 7b is another high-level diagram of an access control system usingan aspect of the present invention.

FIG. 8 illustrates a system of controlling access to a building or otherrestricted area using an aspect of the present invention.

FIG. 9 illustrates how facial features recognized in an RGB image may beprojected onto an IR image.

FIG. 10 illustrates how structured light may be used to create a depthmap of a face.

FIGS. 11a, 11b, 11c, and 11d illustrate mapping of facial landmarksusing RGB and depth images.

FIGS. 12a, 12b, 12c, 12d, 12e, and 12f illustrate how depth images maybe used to detect spoofing.

FIG. 13 is a flowchart illustrating how a neural net can be used todetect spoofing.

FIGS. 14a and 14b illustrate how facial angles can be used to identifyfaces.

FIG. 15 is a flowchart illustrating how visible light and depth-sensingsystems such as structured light may be incorporated in a facialrecognition system.

FIG. 16 is another flowchart illustrating how visible light anddepth-sensing systems such as structured light may be incorporated in afacial recognition system.

FIG. 17 is a flowchart illustrating an exemplary method for combiningbadge readers and facial recognition in an access control system.

FIG. 18 is a flowchart illustrating another exemplary method forcombining badge readers and facial recognition in an access controlsystem.

FIGS. 19a, 19b, and 19c illustrate an exemplary method by which anaccess control system can learn with the assistance of badgeinformation.

FIG. 20 is a flowchart illustrating an exemplary method by which anaccess control system can learn with the assistance of badgeinformation.

FIG. 21a is a flowchart illustrating an exemplary method by which anaccess control system can learn using only image recognition.

FIG. 21b is a flowchart illustrating an exemplary method by which anaccess control system can learn using both badge information and imagerecognition.

FIG. 22 is an illustration of how a facial recognition module cancapture images of a person approaching a door controlled by the subjectinvention.

FIG. 23 is another illustration of how a facial recognition module cancapture images of a person approaching a door controlled by the subjectinvention.

FIGS. 24a, 24b, 24c, and 24d are high-level illustrations of the stepsinvolved in an exemplary embodiment in recognizing a person approachinga controlled access point.

FIG. 25 is a high-level flowchart illustrating steps involved in anexemplary efficient facial recognition process.

FIG. 26 is an illustration of how an exemplary version of the inventioncan be used to define a region of interest in a captured image.

FIG. 27 is an illustration of how an exemplary version of the inventioncan be used to define multiple region of interest in a captured image.

FIG. 28 is a flowchart illustrating steps involved in an exemplaryprocess of preventing tailgating.

FIG. 29 is an illustration of steps that can be taken to act on adetected instance of tailgating.

FIG. 30 is an illustration of how multiple captured images may be usedto increase the likelihood of correct facial identifications.

FIG. 31 is a flowchart illustrating an exemplary method for sharingrecognized faces among multiple entry points.

FIG. 32 is a flowchart illustrating an exemplary method for determiningwhich of a plurality of doors to open based upon the actions of a personapproaching those doors.

FIG. 33 is a flowchart illustrating an exemplary method for determiningwhether a person observed near a controlled access point intends toenter.

FIG. 34 is a flowchart illustrating an exemplary process for detectingwhether a person is presenting a badge assigned to another person.

FIG. 35 illustrates how pictures of people approaching a controlledaccess point can be grouped into similar clusters.

FIG. 36 illustrates another aspect of how pictures of people approachinga controlled access point can be grouped into similar clusters.

FIG. 37 illustrates a high-level user interface that may be used to helpteach a facial recognition module to recognize specific faces.

FIG. 38 illustrates messages that can be used to gamify the process oftraining an image recognition system.

FIG. 39 presents multiple views of a potential embodiment of a portableimage recognition module.

FIG. 40 presents a potential visual representation of data that can beused to learn about the emotional state of entrants to a building overtime.

FIG. 41 presents another potential visual representation of data thatcan be used to learn about the emotional state of entrants to a buildingover time.

FIG. 42 is an illustration of how an embodiment of the subject inventionmay be used to allow a user to execute commands on a facial recognitionmodule using facial expressions.

FIG. 43 is an illustration of relative benefits of differenttechnologies for building security.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

Common in the prior art are badge-based access control systems. Badgesmay include photographs of the associated user, or may be simple cardsor other small portable tokens that contain only internal means forstoring a unique identifier. Permitted users will generally each beissued a badge or token.

FIG. 1 illustrates the major elements of a representative system used tocontrol access to a building or other secure area as commonly found inthe prior art. A typical system includes an access control panel 100,and one or more badge readers 102, which are typically located at accesspoints such as door 104. Access control panel 100 can also be connectedto one or more turnstiles, as are sometime used in places like lobbiesof buildings that control access and have large number of peopleentering and leaving. Doors 104 include electronic locks 108; turnstilesinclude remotely controlled means for locking and unlocking theturnstiles. Badges and badge readers can use a variety of technologiesfor encoding a unique identifier in each badge, including a number ofproprietary protocols, and retrieving that identifier at the time thebadge is presented.

The physical interface generally uses five or six wires one that carriesDC voltage to power the card reader, a common ground, one or two wiresthat transmit status to the green and red indicator LEDs on the badgereader, and two data transmission wires. It is a simple binarytransmission system, changing states from high (some positive DCvoltage, e.g. 5 volts) to low (zero). The original Wiegand format forbadge reader encoding permits a total of 26 bits. Other systems haveused the Wiegand hardware layer but different data formats, using manymore bits, that enable more complex addressing. Different encodingformats are also available now, some of which are proprietary to onespecific company. Those encoded badge numbers are transmitted to theaccess control panel using a communication protocol which may be Wiegandor other protocols deployed have included mono-directional, Clock andData or bidirectional OSDP (RS 485), RS 232 or UART.

Badge readers 102 will generally include a means for providing visualfeedback to the badge holder, such as green LED light 112 and red LEDlight 114. Green will generally indicate that the user has successfullybadged in, and is allowed to enter; at all other times the red lightwill generally be illuminated to indicate that the system isoperational. Bunking red or a third color, such as orange could indicatethat an invalid card has been swiped.

The badge's unique ID can be coded into a magnetic stripe, or RFID(radio frequency identification), or (with less security) a visualindicator such as a barcode or QR code. In the case of a magnetic stripesystem, a magnetic reader like those traditionally used for credit cardsis included in the badge readers 102, and each user must swipe his/herbadge through a dedicated slot in badge reader 102. In the case ofRFID-based systems, either active or passive, reader 102 will includeone or antennas that may detect or generate a field of interrogatingradio waves. In some systems, physical contact between the token/badgeand the enclosure of the reader is required; in others, a level ofproximity may be sufficient.

When a badge is scanned, the scanning device 102 determines the uniqueidentifier encoded in the badge 106 and transmits the identifier toaccess control panel 100. Historically, these signals have generallybeen transmitted over a simple wired connection using a serial busprotocol which may be a proprietary standard such as the previouslyWiegand system, or may utilize a different, non-proprietary protocol.However, some systems have used other approaches, including wiredtechnologies including Ethernet, Power of Ethernet (PoE), or wirelesssystems such as IEEE 802.11, also known as WiFi.

In one embodiment, access control panel 100 is a dedicated central pointto which a number of badge readers 102 can be connected. Access controlpanel generally includes a simple means of connecting a number of wiredconnections to access point controls. It also generally includes astorage medium capable of maintaining a list of authorized entrants tothe building(s) or area(s) where access is controlled by the system.Access control panel 100 may also include a means for providing backuppower to the access control system in the event power is interrupted,either by a power failure or due to an attempt to break into thecontrolled area.

When a badge is presented at a badge reader 102, the encoded badgenumber is transmitted to access control panel 100. Access control panel100 determines if that badge number is on the stored list of permittedentrants, and if so, sends an unlock signal to the appropriateelectronic lock or turnstile.

Access control panel 100 may also include means by which it can beconnected to a computer 110, though for security reasons, the exposureof access control panel 100 to external devices may be carefullycontrolled. Such connection may be accomplished via a common networkingprotocol such as Ethernet, or may use a serial protocol such as RS232 orRS422. Computer 110 may be one or more conventional computers that areequipped with communications hardware such as modem or a networkinterface card. The computers include processors such as those sold byIntel and AMD. Other processors may also be used, includinggeneral-purpose processors, multi-chip processors, embedded processorsand the like.

Computer 110 can also be a microprocessor-controlled computer such as adedicated embedded system. Computer 110 may utilize a conventionalkeyboard and display, or may provide an alternate interface such as atouch screen, or some other means of interaction. It may utilize abrowser or other application configured to facilitate interaction with auser.

Computer 110 may incorporate one or more storage medium that maycomprise any method of storing information. It may comprise randomaccess memory (RAM), electronically erasable programmable read onlymemory (EEPROM), read only memory (ROM), hard disk, floppy disk, CD-ROM,optical memory, or other method of storing data.

Computer 110 may use an operating system such as Microsoft Windows,Apple Mac OS, Linux, Unix or the like, or may use dedicated operatingsystem.

Computer 110 may include means for communication over a network such asa local area network or the Internet to permit remote observation orcontrol over its functions.

Computer 110 may be used to permit adding and deleting authorized usersfrom the system.

FIG. 2 presents a block diagram illustrating the steps taken by a systemtypical of the prior art when a badge is presented to the system. Instep 202 the badgeholder presents his or her badge 106 to the badgereader 102. In step 204, the badge reader transmits the uniqueidentifier read from the badge 106 to access control panel 100. In step206 access control panel 100 evaluates the transmitted unique identifierto determine if access should be granted. This process may consist oflooking up the unique identifier in a database. If the unique identifieris in the database of permitted entrants, then in step 208 green LED 112is illuminated, and in step 210, access control panel 100 transmits asignal to the door lock 108 unlocking it 212 and permitting entry. Ifthe unique identifier is not in the database of permitted entrants, thenin step 214, there is no state change transmitted, and red LED 114remains illuminated, and door lock 108 (or turnstile) remain locked. Inother embodiments, the red LED may blink to indicate that access hasbeen refused. In some implementations, different color LEDs or patternsof illumination may be used to signal admittance or rejection. Theillumination of the “admit” LED and the unlocking of the door orturnstile may be simultaneous instead of sequential. Again, turnstilesmay be substituted for doors.

The accompanying hardware edge unit is designed to be placed on a wallor door next to the physical access point to be unlocked. This moduleincludes several sensors protected by a non-transparent piece of glass(provided that it includes transparent areas in front of the IR laserprojector and sensors), plastic or other transparent or non-transparentmaterial that permits the sensors and IR laser projector enclosedtherein to operate. The following renderings in FIG. 3 give an overviewof the design of the unit. FIG. 3a shows an exemplary facial recognitionmodule as viewed from the perspective of a person walking directlytoward the unit. FIG. 3b shows the same facial recognition module inperspective. FIG. 3c shows the same facial recognition module inrelationship with a door for which the facial recognition modulecontrols access.

This face recognition module is mainly based on a badge readerassociated with an RGB and depth sensors to be able to capture user'sfaces, as seen in FIG. 4. The edge unit also contains a processing unitand communication modules. It includes badge reader 402, RGB camera 404,and Infrared sensor 406. It may also include a small display to presentmessages, etc. to potential entrants.

FIG. 5 is a more detailed illustration of an embodiment of a facialrecognition access point module 500 according to one aspect of thesubject invention. Facial recognition access point module 500 includesan RGB (red, green, blue) camera 502 to capture visible light images.Preferably, RGB camera 502 is capable of capturing high-definition (suchas 1920 by 1080 pixel) images, though a variety of resolutions may beused. Facial recognition access point module 500 also includes infraredlaser projector 504. IR laser projector 504 includes both an IR source,and means for projecting structured light. In an embodiment, the IRsource could be a simple IR emitter that does not project structuredlight. Facial recognition access point module 500 also includes twoinfrared sensors 506 a and 506 b. Infrared sensors 506 a and 506 b arephysically separated in order to enable stereoscopic IR viewing, much asthe separation of eyes enables depth perception. Infrared sensors 506 aand 506 b are also preferably high-definition units (such as aresolution of 1280×720 pixels), though again a variety of resolutionsmay be suitable.

Each of RGB camera 502, IR laser projector 504, and IR sensors 506 a and506 b are connected internally to I/O interface module 508, which is inturn connected to processor module 510. In some implementations, I/Ointerface module 508 may be integrated into CPU 510. processor module510 may comprise multiple processors, memory, etc., and may compriseother components to enhance performance, such as one or more graphicsprocessing units (GPUs).

Facial recognition access point module 500 may also include one or morestatus indicator lights. These may consist of red LED 512 and green LED514. Alternatively, a combination of LEDs may used to generate a widerange of colors. These LEDs can be controlled by processor 510. Alsoincluded may be means for connecting facial recognition access pointmodule 500 to other devices, including Wiegand-based systems. Thusfacial recognition access point module 500 may also include a wire block516 or other means for connecting appropriate wires to the unit. Facialrecognition access point module 500 may also contain powersupply-related components 518, such as transformers, voltage regulators,surge suppressors, capacitors, batteries, etc. Facial recognition accesspoint module 500 may also contain one or more relays or solenoids 520used to trigger an unlock signal to the connected door or turnstile.Facial recognition access point module 500 may also containanti-tampering components 522, which may comprise accelerometers, lightsensors, temperature sensors or other means for detecting movement,removal from a wall, etc.

Facial recognition access point module 500 may also contain a badgereader 524. This permits new installations without requiring separatebadge readers, and also permits removal of old badge reading hardwarewhen retrofitted in legacy buildings.

FIG. 6 illustrates the major elements of a representative system used tocontrol access to a building or other secure area using an embodiment ofthe subject invention, where the subject invention is integrated into anexisting system providing badge-based access control.

It may include access control panel 100, and one or more access pointssuch as doors 102 or turnstiles (not shown). Doors 102 includeelectronic locks 106; turnstiles may similarly include remotelycontrolled means for locking and unlocking them. Facial recognitionmodule 500 will generally include a means for providing visual feedbackto the person presenting the badge, such as green LED light 112 and redLED light 114 (not shown in this image). As in FIG. 1 green willgenerally indicate that the user has successfully badged in, and isallowed to enter; at all other times the red light will generally beilluminated to indicate that the system is operational, though otherlighting signals are possible. Access control panel 100 may also connectwith one or more servers located in cloud 602. Access control panel 100may also connect to a computer 110.

In an exemplary embodiment, each facial recognition access point module500 may be connected using five or more wires: generally two wires forsupplying power, one or two wires to carry the LED signal from theaccess control panel, and two signal wires to communicate with theaccess control panel 100.

The proposed technology can be deployed by exchanging existing badgingunits with a new module containing the proposed technology. The hardwarecan utilize existing wiring to communicate with legacy door controllersand door access infrastructure.

This simplifies installation at locations that have existing investmentin door access systems, as no new wiring is required. FIG. 7aIllustrates this module swap in context of existing infrastructure.

Legacy badge readers 102 can be retained, or can be removed and thebadge readers in facial recognition modules 500 can be used for thatpurpose. Facial recognition access point module 500 is added to thesystem to enable facial recognition, and is connected to legacy doorcontroller, which is access control panel 100, which may connect withelectro-mechanical locking mechanism 108. Facial recognition accesspoint module 500 may also be connected to a remote server accessibleover the Internet located in the cloud 702, but may be physicallyconnected to a local server for security reasons. Electronic lock 108 isalso connected to authorization database 708, which may exist on accesscontrol panel 100. Authorization database 708 may also be connected to aremote server 702, which can be local or in the cloud, which may providemeans for remote monitoring, updating, etc.

FIG. 7b shows an alternative embodiment. As in FIG. 7a , legacy badgereaders 102 can be retained, or can be removed and the badge readers infacial recognition module 500 can be used for that purpose.Communication between facial recognition access point module 500 andaccess control panel 108 is bidirectional to enable LED signals (such assignifiers of admit/deny actions) to be transmitted to facialrecognition module 500. Facial recognition access point module 500 mayalso be connected to a remote server accessible over the Internetlocated in the cloud 702, but may be physically connected to a localserver for security reasons. Electronic lock 108 is also connected toauthorization database 710, which may exist on access control panel 100.Authorization database 710 may also be connected to a remote server 702,which can be local or in the cloud, which may provide means for remotemonitoring, updating, etc.

FIG. 8 illustrates an embodiment in which an access point sensor moduleaccording to one aspect of the subject invention may be used to directlycontrol door.

It may include an access control panel 100, and one or more badgereaders 102, which are typically located at access points such as doors104 or at turnstiles (not shown) Doors 104 include electronic locks 106.Badge readers 102 will generally include a means for providing visualfeedback to the badge holder, such as green LED light 112 and red LEDlight 114. As in FIG. 1, green will generally indicate that the user hassuccessfully badged in, and is allowed to enter; at all other times thered light will generally be illuminated to indicate that the system isoperational.

Facial recognition access point modules 500 are added to the system ataccess-controlled doors 104 and/or turnstiles. In an exemplaryembodiment, each facial recognition access point module 500 may beconnected using five or six wires: two wires for supplying power, one ortwo wires to carry the LED signal from the access control panel, and twowires to control the access control mechanism (door, turnstile, etc.).Facial recognition module 500 may also include a badge reader, as wellas means to read other forms of identification, including but notlimited to technologies such as Bluetooth. Facial recognition accesspoint module 500 may also be connected to a remote server accessibleover the Internet located in the cloud 602, and/or may be physicallyconnected to a local server 110 for security reasons.

Alcatraz AI is developing a module using color (often defined as “RGB”for red/green/blue images which are standard color images), depth andinfrared images for facial recognition. This module uses badging totrain the system with the user's face. Each time the person badges in,his face is recorded in the system. After a certain amount of time,usually after the first badging interaction, the system will have enoughprecision to work based only on facial recognition (no more badgingrequested). In alternate embodiment, the facial recognition access pointmodule 500 may capture a series of images prior to eliminating thebadging requirement, and may further require that each of the images areof sufficient quality (that is, with sufficient sharpness and withenough of the person's face being visible) to enable high accuracy. 3Ddata is able to detect all standard methods of spoofing (using apicture, a video on a screen, etc.) and prevent unwanted access.

In one embodiment, The authentication algorithm combines RGB, infraredand 3D depth data for better accuracy. The main algorithm is based onRGB and infrared processing while 3D data is used to confirm RGBauthentication and add further accuracy. In one embodiment, over time,as the system learns more and more, the 3D personalized facial model isalso used in recognition.

The proposed technology includes synchronized RGB, infrared and depthsensors. As traditional face detection algorithms work only on RGB data,a method needed to be invented to access face features from 3D mapping.Performing image detection on RGB and infrared frames and projectingthem to depth data improves accuracy and enables the system to detectspoofing, as well as improving the accuracy of recognition and tracking.Knowing the position and intrinsic parameters of each sensor and theirrelative extrinsic parameters, the combination of rotation, translationand dilatation transforms can be defined, as they are required to matcheach RGB, infrared and depth pixel.

This location estimate includes small uncertainties as both pictures arenot taken exactly at the same time. This estimate can also bequantified. FIG. 9 presents a visual explanation of this projectionmechanism.

Image 902 is an RGB image of a potential entrant. Image 904 is aninfrared image captured at roughly the same time. Arrows 906, 908 and910 illustrate how specific landmarks on the RGB image may be projectedon to the IR image.

Due to hardware limitations, two images theoretically shot at the sametime may still have a small delay in between them. When mapping oneimage onto another it is useful to know if they were taken at differenttimes and, if so by how much. Thus one aspect of the invention is to usetime stamps to help align IR and RGB images. If for example, an IR andan RGB image were taken only a few milliseconds apart, they likely canbe combined with high confidence, whereas if an RGB was captured 3seconds before a specific IR image, both the location and the facialexpression of the subject are likely to have changed too much to permitaccurate mapping of one onto the other.

FIG. 10 illustrates how an embodiment of the access point sensor modulemay be used to capture infrared structured light imaging of a personseeking entry. Infrared laser projector 504 projects an array of linesor points 1002 over an area that roughly corresponds to the field ofview of infrared sensors 506 a and 506 b, and that includes the facebeing analyzed. This produces an array of dots 1004. Because the twoinfrared sensors are separated from each other and from the structuredlight source by a distance, which can be as small as a few millimeters,or as wide as a foot or more, the structured light projected by infraredlaser projector 504 appears different to each of infrared sensors 506 aand 506 b, much as our two eyes perceive the visible light as it fallson objects differently. Just as the brain interprets those differencesin order to judge distance, whether interpreting the contours of a faceor hitting a baseball, processor 510 interprets the pattern of dots orlines 1002 in order to build a point cloud that comprises a 3D model ofthe detected face.

As you can see in FIG. 11, depth data gives much more details on theface than a standard 2D color picture. FIG. 11a is a representation ofthe kind of image data captured by an RGB camera. FIG. 11b shows thelimited number of facial landmarks that can be extracted from such animage. FIG. 11c shows the kind of image data that can be captured by apair of IR sensors when “reading” an object illuminated by structuredlight or a time-of-flight system, and FIG. 11d shows the number offacial landmarks that can be extracted from such a structured lightimage or a time-of-flight system. Similar results may be obtainedprocessing paired stereoscopic images.

The kind of data that can be generated from monocular visual (RGB)imaging of a human face may be limited relative to the information thatcan generated from infrared structured light, stereoscopic IR imaging,or time-of-flight imaging. Because a conventional RGB image isessentially two-dimensional, presenting digital values for each pixel interms of the amount of red, green and blue light captured for each, thelocation and shape of each structural feature of a face (mouth, nose,eyes, etc.) must be inferred from often subtle gradients in color,shading, etc. This processing generally yields a relatively crudeapproximation of the “architecture” of a face. Thus for an image 11 ataken with an RGB camera, applying typical algorithms for facialrecognition, it is possible to place only about 60 key reference pointswith reasonable accuracy, as shown in 11 b.

By applying structured light or time of flight imaging, and the gridprojected on an object such as a human face by infrared laser projector504, the resulting image is a point cloud such as that shown in FIG. 11c. Processing that image yields a 3-dimensional model of a face that maycontain 5000 points or more, as shown in 11 d. Such a model permits moreprecision in recognizing faces than is possible with only RGB imageinformation.

Anti-spoofing is required to prevent purposeful and malicious securityintrusions. A normal color or infrared 2D picture can be tricked easilywith a photo or a video. The proposed technology includes 3D picturesfor this specific application. A 3D map of the face gives very usefulinformation to detect such attacks. 3D facial characteristics areextracted and deduced if this matches generalized model of the face orthe specific personal face model. This method effectively prevents alltraditional spoofing methods such as 2D attacks using flat images andbasic 3D masks. An illustration of this 3D data variation is presentedin the FIG. 12.

FIG. 12a shows what may be thought of as a drawing of a face on a pieceof paper. An RGB image of such a drawing may extract features as ifpresented with an actual face. But the IR sensors reading structuredlight or time-of-flight imaging striking the piece of paper willgenerate a depth map like that shown in FIG. 12b , which is verydifferent from the depth map of an actual face.

FIG. 12c shows what may be thought of as an image of a face on displayedon a device such as a tablet computer. An RGB image of such an image mayagain extract features as if presented with an actual face. But the IRsensors reading structured light striking the display will generate adepth map like that shown in FIG. 12d , which is very different from thedepth map of an actual face. Similarly, time-of-flight imaging willgenerate a very different result than would result from an actual face.

FIG. 12e shows what may be thought of as an image of an actual face. AnRGB image of such an image may again extract the expected features. IRsensors reading structured light striking the display will generate adepth map like that shown in FIG. 12f , which is easily distinguishedfrom the objects presented to spoof the system. Similarly,time-of-flight imaging will generate a very different result than wouldresult from an actual face.

In one embodiment, The proposed authentication method is based oncombining recognition and anti-spoofing. The system will detect andtrack faces in front of the module. For each face detected, facialfeatures and descriptors will be extracted and processed to find apotential match in authorized users' database. Other factors likestride, clothes, height and skin recognition are also used to increaseaccuracy.

In one embodiment, The anti-spoofing algorithm runs in parallel of thisrecognition process. RGB facial features will be used to findcorresponding points in the depth map. After that, different predictionmethods and parameters are combined for best results. Even if thosemethods are always evolving, the main ones are described below.

The following are some of the spoofing methods used by a proposedalgorithm to determine if the detected face is a real one or not. Allmethods for spoof checking are processed in parallel and the results arereturned with their confidence levels. Depending on each one of thevalues, a method was developed, based on neural networks, to output afinal score with a decision. FIG. 13 presents how all those inputs arefed into the neural network (DNN) to generate the final prediction in anexemplary version of an aspect of the subject invention.

In step 1302, the (primarily) infrared-based anti-spoofing processbegins, and in step 1304, the (primarily) RGB-based portion of theprocess begins. In step 1306, depth-based facial landmarks are extractedfrom the RGB image captured by camera 502. In step 1308, the RGB-derivedfacial landmarks are extracted from the RGB image captured by RGB camera502. In step 1310, the RGB process determines which region of the imagecontains the critical region of the face (eyes, nose mouth, etc.). Instep 1312, the output of the computational process in step 1308 and theoutput of the process in step 1310 are combined to calculate therelative distance of the detected facial features from each other.

In step 1314, the facial landmarks computed in step 1306 are used tocompute a series of 3D angles 1316 a, 1316 b through 1316 n betweenthose facial landmarks.

In step 1318 the output of step 1312 is used to generate a normalizedseries of net distances from the base plane for the detected face.

With these data points, the system is now equipped to perform theanti-spoofing function. In step 1320, the quality of fit between thecomputed facial features and one or more stored model face maps isevaluated. In step 1322, a value for the distance between the face andthe facial detection module 500 is calculated. This is performed inorder to weight the quality of the image and related processing, sincemore distant images will have a lower resolution, and thus harder to useto make definitive decisions.

In an alternative embodiment, one or more of the previously describedsteps may be omitted and the equivalent function can be performed by theneural network described below.

In step 1330, the outputs of steps 1316 a through n, 1320, and 1322 arefed into a neural network for evaluation. A properly trained neuralnetwork can produce an answer as to whether a real face (vs. a spoofedimage) has been detected, together with numerical value or valuesindicating the degree of certainty associated with that answer. In step1332, that probability is compared to a threshold that may be externallyset. Thus the system may be configured so that if the evaluated imagesgenerate a, say, 90 percent probability that the system is viewing alive person, it is concluded that a real person is approaching, whilelower probability is considered too large a danger of spoofing, and thesystem is not instructed to unlock.

In another embodiment, a DNN as disclosed in FIG. 13 may be employed toperform additional processes described in Fig as being accomplished byother means. Thus it is also possible to as part of the subjectinvention to feed RGB and IR images directly into the DNN, and permitthe DNN to learn the factors necessary to differentiate between a2-dimensional representation of a face and an actual face.

As discussed, an aspect of the facial recognition process may be thecomputation of certain facial angles. Two examples of such a process areshown in FIGS. 14a and 14b . Each of 14 a and 14 b represent the kind offacial image data that can be extracted from RGB images of two differentfaces. Each small numbered point 1402 represents a landmark that can beextracted from a full-face image. These include points indicating theoverall shape of the face, and the edges of features such as the nose,mouth and eyes. Those landmarks permit facial recognition module 500 tocompute a series of angles 1404 between those points.

A similar process may be used as part of an anti-spoofing process, asdiscussed in more detail below.

Previous explanations described main authentication and anti-spoofingmethods. In an exemplary embodiment, There are additional checks thatneed to be done for extra anti-spoof security.

Those methods includes but are not limited to:

Person's height and build

Skin color and microtextures analysis

Liveness information and particularly micro-movements of the face

A challenge facing facial recognition technology is how to operate whenthe system captures an image that is partially occluded (such as byclothing, an object or person between the facial recognition module andthe face being evaluated, or facial hair), or when the person is facingother than directly toward the module, so that the relationship betweenthe landmark features of the face varies depending facial orientation.Even if one or more of these suboptimal conditions is present, it wouldbe advantageous to be able to perform facial recognition on the facialfeatures that are visible to the camera(s) and/or sensors, and to allow“in-the-flow” processing under such conditions. Thus in anotherembodiment, the invention comprises techniques for recognizing a facewhen captured images of that face are partially blocked or occluded.

One method of performing facial recognition is to detect and describefacial landmarks, and then to calculate the relationships between thosefacial landmarks. Those landmarks may include the inside and outsidecorners of the eyes, the pinna of the ears, the nostrils, etc. A facialrecognition system may collect over 100 such points. The highest levelof certainty is achieved when all of the points that can be plotted fora face have been captured. However, in a given use case, it may be thatthe loss of certainty when only a specified percentage of those points,for instance, 40%, are captured, is low relative to the associatedreduction in user friction. In addition, as described in more detailbelow, an aspect of the subject invention is the capture, processing andcategorization of images of a given user from a variety of angles, andunder a variety of conditions.

In another embodiment of the invention, a neural network processes theRGB image of the face, and extracts all the distinguishing facialfeatures it needs by itself.

An exemplary method that can be used to incorporate both 3-D imaging andRGB imaging in a facial recognition system is illustrated in FIG. 15.

In step 1502, IR laser projector 504 may emit structured light, orunstructured general IR illumination. In step 1504, the effect of thatlight is captured by IR sensors 506 a and 506 b. At the same time, instep 1506 an RGB image is captured. In step 1508 that image is analyzedto determine whether a face may be present in that image. If nopotential face is detected, then in step 1510, the process ends. If aface is detected, then in step 1512, facial landmarks are extracted fromthe RGB image captured in step 1506. In step 1514, the captured IR imageis used to create a depth map. In step 1516, the landmarks extractedfrom the RGB image are projected onto the depth map created in step1514. In step 1518, landmarks are in turn extracted from the depth map,using the landmarks projected from the RGB image to enhance accuracy. Instep 1520 the landmarks so extracted are passed on for furtherprocessing and comparison with stored information about previouslyrecognized faces.

Additional techniques may also be applied to detect attempts to spoofthe system. Such techniques may include, analysis of whole-body dataincluding height estimation and/or gait analysis. These approaches maypermit the system to perform these additional verification steps “in theflow,” without requiring potential entrants to stand in place before acamera and/or sensor at close range. Other techniques that may requiresuch steps include analysis of facial movements such as smiling andblinking. Another technique is to apply a combination of visible andinfrared sensors to detect the unique characteristics of skin, such assubcutaneous veins. Such techniques and others can be appliedindividually, or in combination. Neural network analysis can be used tocombine multiple sources of data with greater accuracy.

Another method according to the subject invention combines RGB and IRinformation to create a more detailed and accurate facial model.

Classification methods are used to process authentication and spoofingdetection methods and determine if the person is authenticatedsuccessfully. This information is forwarded to a lock, login or anysystem requesting this type of information. FIG. 6 16 presents a blockdiagram of the technical workflow from RGB and depth data to outputinformation “Successful ID or not” in an exemplary method.

The portion of FIG. 16 enclosed in dotted line 1602 is essentially thesame as is described in FIG. 13, and thus will not be described againhere. In step 1604, preliminary processing on the RGB image isperformed.

One aspect of preprocessing that may be performed is automated imageadjustment of the captured RGB image. A common technique for performingthis step is commonly referred to as Histogram of Gradient, or HoGprocessing. This is a method for expanding or compressing the contrastrange of an image to fit the captured image to occupy the full potentialdynamic range of the image. This form of image processing may beoptimized for the entire captured image, or it may be based on thecharacteristics of a specific region of interest.

Other preliminary steps may include cropping the image around thedetected face; matching the infrared and RGB images; determining if thecaptured images are clear enough to permit further processing (that is,considerations such as enduring that the image is not too blurred, andneither too overexposed or underexposed); and other potential checks onimage suitability. Other pre-processing steps may also be employed tomake subsequent processing more efficient. Similar steps may also betaken to pre-process whole-body images.

If multiple potential faces are detected and separated for processing insteps 1606 a, 1606 b through 1606 n. To separate them, the proposedmethod rank all detected faces from the most likely to go in to the lesslikely using three parameters: distance to the door, orientation of theface and position in the image. The following steps, illustrated onlyfor one such identified face for simplicity, will be performed for eachof them.

One aspect of the process is assuring that each face is properly trackedas people move within the field of view of the camera and/or sensors, atleast until they have been identified. Thus in step 1608 each face istracked, as described in more detail in Fig xxxx below. In step 1610 thesystem determines whether the tracking protocol is functioning correctlyand the tracked face roughly matches the face previously matched to thatmoving image.

Separately, for a detected face, in step 1612, the features of thecaptured face are extracted. This process can combine data from both RGBcamera and IR sensors. The extracted features may be applied to the FIG.13 process as well. In step 1614, the process of identifying thespecific person is initiated. In step 1616, pre-processing of the facialimage is initiated. This pre-processing may comprise automated exposureadjustment of the captured RGB image, as previously discussed. This formof image processing may be optimized for the entire captured image, orit may be based on the characteristics of a specific region of interest.

Other preliminary steps may include cropping the image around thedetected face; matching the infrared and RGB images; determining if thecaptured images are clear enough to permit further processing; anddetermining if the orientation of the subject's face will permit furtherprocessing. Other pre-processing steps may also be employed to makesubsequent processing more efficient.

In step 1618, pre-processing of the captured images of the entire bodyof the selected person is initiated. This may consist of similar stepsto those discussed above. Performing recognition of the body can beuseful for a number of reasons. For example, if the system has learnedthrough previous analysis that the face approaching the access point isattached to person who is roughly five feet tall, and the face beingtracked appears to be attached to a person who is more than 6 feet tall,that can be an indicator of a spoofing attempt, or a reason to reject aspecific identification. It is also possible to detect and analyze aperson's gait, another distinctive biological trait that can be used toidentify a user or detect spoofing.

In step 1620, the IR-based portion of the principal facial recognitionprocess is performed. In step 1622, the RGB-based portion of theprincipal facial recognition process is performed. In step 1624, theprincipal portion of the body recognition process is performed. Thisprocess may include analysis of the person's body shape, clothing,height, stride, and other factors. In step 1626, the results of IR imagefacial processing, RGB image facial processing and body image processingare combined and weighted in so that a single profile of the personseeking admission is ready for evaluation. In general, face recognitionwill be weighted most heavily, followed by height, followed by othercharacteristics. In step 1628, the output of step 1626 is evaluatedagainst the database of recognized users to determine if the person isrecognized. If the person is recognized with a sufficient confidencelevel, then in step 1630, the access point is unlocked to permitentrance. If the person is not recognized as a permitted entrant, thenin step 1632, the process ends without unlocking the entry point.Alternatively, if the person remains with view of the camera andsensors, additional images may be captured and analyzed. As anadditional alternative, if a person is not recognized with asufficiently high confidence level, the person can be prompted topresent a badge to validate the identification.

In an alternative embodiment of the process illustrated in FIG. 16,steps such as computation of facial angles may be performed by a neuralnetwork without prior encoding of the characteristics of real faces vs.2-dimensional representations.

As described above, the subject invention may comprise the use of facerecognition as the primary or only authentication tool in an accesscontrol system. However, it can also comprise a multi-modal system thatcombines face recognition with other technologies, including badgereaders. FIG. 17 illustrates the high-level architecture of an exemplarysystem that includes both badge readers connected directly to facialrecognition modules 500 and face recognition hardware and software. Instep 1702 the facial image data to be evaluated is received. In step1704 the image is processed for facial recognition. If the face is notrecognized in step 1706, then in step 1708 the facial image is saved fora potential new identification, and no signal is sent to the door lockor turnstile, regardless of whether a valid badge is presented to thebadge reader. In step 1714 it is determined if the identified facebelongs to an authorized entrant. If not, then in step 1716 the entryattempt is rejected, and the access point does not unlock.

Separately, in step 1710 a potential entrant presents a badge to thebadge reader 102 (or a badge reader incorporated into facial recognitionmodule 500). (The badge swipe can occur before, during or after imagecapture and processing.) In step 1712, the badge number is extractedfrom the badge reader. In step 1720, the badge number as extracted fromthe presented badge is compared to the badge number associated with theidentified face. If the two badge numbers do not match, then the processends without unlocking the access point. Optionally, the system mayrecord the unsuccessful attempt, send an alert, flag the record of thebadge number for review, or some other means of acting on the failedattempt. If the badge numbers do match, then in step 1722, the systemsends an unlock signal to the access point.

It should be noted that some or all of the steps described as takingplace within the facial recognition module can instead be undertaken bya central processor or control access panel communicating with aplurality of facial recognition modules.

The operation of another exemplary system is described in FIG. 18.

In step 1802 it is determined which of several possible modes ofoperation is to be used. If both facial recognition and badge numbersare to be used, the process starting with step 1804 is followed; iffacial recognition-only is applied, the process starting with step 1806is followed. (It is also possible to operate in badge-only mode, inwhich case the steps shown in FIG. 18 will not apply.)

In step 1808 the facial image data to be evaluated is evaluated and theperson is identified. In step 1810 the presented badge is read toextract the badge number. In step 1812 the badge number and identity ofthe person in the facial image are compared. In step 1814, the systemdetermines how to act based on that comparison. If the captured imageand the badge number do not agree, then in step 1816, the image is addedto the image database. If the badge number and image agree, then theprocess advances to step 1820.

The process of choosing when to add images to the database may dependupon the level of training the system has reached with a given user. Forexample, if the database includes fewer than a set number of storedimages of a user, the system may store each captured image above acertain quality threshold until the set number of stored images isreached. After that number of images has been stored, the system mayfirst compare new images to stored images, and either add the new imagesif they are of higher quality than the previously stored images, orpresent usefully different images, such as from different angles, ordifferent lighting conditions, or the like.

In step 1820 the badge number as read in step 1810 is evaluated. If thebadge number is not authorized for entry, then in step 1822 entry isdenied. In step 1830, it is determined whether or not the image is ofsufficient quality to support identification. If quality isinsufficient, then in step 1832, entry is denied. If quality issufficient, then in step 1834, the door or other access controlapparatus is unlocked.

If the system is operating in facial recognition-only mode as determinedin step 1802, then in step 1806, the captured facial image is processfor recognition. In step 1842 the processed image is compared to thedatabase of images. In step 1844 it is determined whether the imagematches an authorized entrant. If not, then in step 1846, the entryattempt is rejected. If it does match, then in step 1848 the systemeither sends the appropriate signal to access control panel 100, ordirectly triggers the door to unlock, depending on the implementation.

For any security system there are tradeoffs between speed andconvenience on the one hand, and accuracy and security on the other.When a facial recognition system is new, or when a new user ispresented, the system has not yet accumulated a library of capturedimages to which the new image may be compared. Accuracy generallyrequires multiple captured images. Thus an image-based systems willeither be slow and inconvenient (requiring a user to present him orherself for multiple image captures before gaining entrance), orinsecure (by setting a low threshold for admission until an adequatelibrary has been developed), or both.

Another great improvement proposed is a badge learning method. Standardbiometric systems request the user to perform an additional out of normregistration process to be included in the system and user setup. Withthe proposed technique, users can keep their existing badges. No morespecialized enrollment needed. The first time a user approaches aphysical access point, their badge is scanned and pictures of the personare bound to their badge ID and stored in the system to train therecognition algorithms. Even if the person is recognized, the systemwaits until enough data is present to reach a very high accuracy beforeswitching to full facial authentication. When this accuracy is reached,the person can go in and out using only their face. This badge learningconcept is illustrated by FIG. 19a through 19 c.

In FIG. 19a , a potential entrant approaches a controlled access pointfor the first time (or the first time after the installation of thefacial recognition system). Because the person is not recognized, abadge swipe is required in order to gain entrance. In FIG. 19b , thepotential entrant seeks entrance again, having previously done so asmall number of times. The facial recognition system has not yet builtup a sufficient library of images to permit badgeless entry, and againrequires a badge read. In FIG. 19c , the facial recognition system hasbuilt up a sufficient number of images that it is able to recognize aspecific user (here called “Joe”) and permits him to enter withouthaving to badge in.

A system that combines badge readers and facial recognition modulespermits the facial recognition system to learn by pairing the uniqueidentifier of a user's badge with that user's facial images. FIG. 20 isa flowchart describing the steps involved in an exemplary process toemploy a system that includes badge readers to train the facialrecognition system.

In step 2002, a facial image is captured. (It should be noted that it isalso possible for facial recognition module 500 to capture and process aseries of images in a single physical approach by a potential entrant;for simplicity, a single image is discussed.) In step 2004, thepotential entrant submits a badge to the badge reader and the badgenumber is extracted. In step 2006, the image is processed for facialrecognition. In step 2008, it is determined whether the system hasstored other images associated with the badge number. If not, then instep 2010, the image is stored. If other images associated with thebadge number have been stored, then in step 2012, the new image iscompared to the stored images, and in step 2014, it is determinedwhether the match is close enough to conclude that the same person ispresenting the badge as in previous attempts. It is likely to bedesirable to employ a form of dynamic scoring, such that for a newinstallation, a lower confidence level is required than in a maturesystem, and so that a lower confidence level is required the second timea specific badge number is presented compared to the fiftieth time.Another approach to dynamic scoring is to condition the system'sresponse based in part on the level of confidence in a given instance offacial recognition. For a high level of certainty of a match with anauthorized entrant, a badge swipe may not be required; for a high levelof certainty that a person is not an authorized entrant, even a badgeswipe may not result in admittance. For a low-confidence identification,the person may be allowed in if the badge swipe corresponds to thetentative identification. If a match is not indicated, then in step2016, the entry attempt is rejected. If a match is indicated, then instep 2018, it is determined whether the badge number presented indicatespermission to enter at that entry point. If the badge number does nothave permission at that entry point, then in step 2020 the entry attemptis rejected, and the door does not unlock. If the badge number does havethe requisite permission, then in step 2022 the door is unlocked.

Once a system that includes both badge readers and facial recognitionmodules has accumulated a sufficient number of images of a given user,the system may be used so that facial recognition alone is sufficient togain entrance to a building, and employees may not be required to usethe badge reader to gain entrance (except when the facial recognitionprocess results only in a low-confidence identification). This methodwill reduce friction at access points. Ideally, it will permit a user toenter as if the security system was not there—there will be no need tostop or slow down or stare into the camera and/or sensor unnaturally.

Additional approaches to learning are described in FIGS. 21a and 21b .FIG. 21a illustrates an exemplary process for learning using only facialrecognition (that is, without matching up the user with a badge number).This learning process is applied to every new user to be included in thedatabase. Several users can be totally enrolled while others are juststarting the process. Any new person will have to complete this processto unlock full functionalities. In step 2102 a face is detected. In step2104, it is determined whether that face can be identified. If not, thenin step 2106 the access point is not unlocked. (If a user subsequentlyprovides an authorized, badge, the person can enter.) If the face isidentified then in step 2108 it is determined whether or not theidentified person is authorized to enter at the access point. If theperson is not authorized (either because the person is not recognized,or because the system can tentatively recognize the person, but has notaccumulated enough images of the person to provide sufficient confidencein the identification), then in step 2110 the access point again is notunlocked based on facial recognition. If the recognized face isassociated with an enrolled account, then in step 2112, it is determinedwhether the confidence level in the facial identification is above a setthreshold. If it is not above the threshold, then in step 2114 theaccess point again is not unlocked based on facial recognition. If theidentification is above the threshold for a high-confidenceidentification, then in step 2116 the access point is unlocked.

FIG. 21b illustrates an exemplary learning process that includes bothfacial identification and (roughly) simultaneous badge read. In step2120, both the badge read and facial image are input. In step 2122 it isdetermined if the captured image matches an authorized face in thedatabase with very high confidence. If so, then in step 2124 the personis admitted, and the face is associated with the submitted badge number.If not, then in step 2126, the level of confidence in the facialidentification is evaluated. If the confidence level is low, then instep 2128 the entry attempt is rejected. If the confidence level is atleast above a set level, then in step 2130 the identification is againevaluated. If the identification does not meet a required level ofconfidence, then in step 2132 the attempt is again rejected. If it doesmeet the minimum requirement, then in step 2134 the door is unlocked.

It should also be noted that the subject invention contemplates not onlya system that captures and stores images as images, but a system inwhich the images are processed to extract key aspects of the images, andonly that information, which may be thought of as metadata, is stored.Such metadata may be based on aspects of the images such as depthinformation about the face, the size and shape of and distances betweenkey landmarks (eyes, nose, mouth, etc.) or other descriptive and/ordistinctive aspects of the image. An advantage of converting images tosuch metadata and storing the data that way is that the images areeffectively encrypted in that form, and thus the images and associateddata stored in the system are likely to be useless to a hacker even ifthe data is somehow extracted from a facial recognition module.Additionally, more and more countries are creating minimum regulatorythresholds for security and protection of personal identifiableinformation (PII). By storing abstract metadata, the system avoidsstoring PII.

Different methods of controlling access to a secure building or area cancreate vulnerabilities that malicious persons could use to gain access.An additional concern with an access control system that uses computersand stored data is that the computers, and the data stored on thembecome targets for hacking as well. If a computer system includespersonally identifiable information, or PII, that increases theirattractiveness as targets, and the damage that could be caused by anintrusion. These issues are particularly concerning when securitysystems operate using a public “cloud” for the storage and transmissionof sensitive data.

It is therefore desirable to implement an access control system thatenhances the separation between PII about building entrants and thesystems used to admit them. Thus another aspect of the subject inventionis that it may be implemented so that the access control system does notknow the identity of recognized users beyond their badge numbers (whichare generally encrypted), plus highly abstracted metadata about theirfaces. Thus there is little or no value to a malicious actor to the datastored on the systems used to perform facial recognition. Thus a systemaccording the teachings of the subject invention may operate without anyPII other than the badge number of a user.

The process of curating images relative to single user is intended tomaximize the probability that the system will be able to quicklyrecognize that user. Thus while the initial emphasis is on accumulatingmultiple images of at least a minimum acceptable quality, once a minimumnumber of images has been collected, the goal becomes maximizing thequality of those images. A variety of weighting heuristics may beemployed to optimize the image library. Thus weight may be given to thequality of the images; to how recent those images are; to ensuring thatimages from a variety of lighting conditions (such as early morning,midday and evening); or to other factors such as facial expression,degree of blur, etc. As the system acquires new images that aredetermined to be of higher quality than similar previously storedimages, the old images may be purged in order to reduce memory andstorage requirements. The system may also store multiple sets of imagesfor different “looks” for a user, such as winter clothing vs. summerclothing; bearded vs. shaved faces, etc. Images may also be categorizedby the orientation of the face relative to the camera and/or sensors.

This embodiment may also be used to implement a longer-term two-factorauthentication system. In other words, users may be required to both runtheir badges through the badge reader and be recognized by the facialrecognition system.

One such approach is to apply the facial recognition as describedherein, and apply the user's badge as a secondary check that is informedby the results of the facial recognition process. Thus if facialrecognition results in a high level of confidence that an entrant is aspecific approved person, the system can either admit that personwithout requiring a badge, or use a badge swipe as secondaryconfirmation depending on the level of security desired by a specificfacility. If facial recognition results in an identification that fallsbelow a specified level of confidence, the system can require a badgeswipe in order to open the door or unlock a gate or turnstile, etc.Finally, if the prospective entrant is not recognized, is recognized asa (specific) non-authorized person, or if the recognition falls belowthe specified threshold, and the user either cannot produce a badge, orprovides a badge that does not correspond with the identity of theperson as determined by facial recognition, the person can be deniedentry.

As previously discussed, an objective of the subject invention is toenable authorized persons to enter an access-controlled area with littleor no friction. In order to accomplish this, the invention alsocomprises methods for recognizing authorized entrants without requiringthem to alter the normal process of entering a space as if access wasnot controlled. This requires that the facial recognition module, andthe image processing software that is used on the images captured by themodule, need to be capable of recognizing faces while people are inmotion.

A user starts approaching a door with the intent to enter. By the timehe reaches the door the authentication and anti-spoofing are alreadydone and the door is unlocked. The main goal is removing the userinteraction with the security system. In most cases, the user should notnotice the security checkpoint.

Quick in-motion detection is key to user experience. While a user isapproaching the door, the proposed system starts processing his face ataround 3m distance.

As the person gets closer, the accuracy of the data and theauthentication improves. The system is able to process many views (fromdifferent distances) of the person before he arrives at the door. As theperson gets close to the door, the authentication algorithm would havechecked all parameters and determined if the person is authorized to goin. If yes, the door is unlocked before the person reaches the door. Ifnot, further info is displayed on the module's screen.

The user is simply approaching the access point (from top left to bottomright). The proposed authentication method starts capturing andprocessing facial data when user is close enough and within the field ofview (FOV).

FIG. 22 provides a visual of this concept.

A potential entrant 2202 walks toward an access-controlled door 2204.Facial recognition module 500 is mounted on the wall near door 2204. Thecameras and sensors mounted on facial recognition module 500 each have aspecific field of view 2208, sometimes expressed as an included angle.They will also have a specific range beyond which a face, even ifdetected, will not be captured with sufficient resolution to enableaccurate recognition. And although it is not necessary for a person tobe looking directly at the camera or sensor for facial recognition to beperformed using the subject invention, the divergence of the orientationof the face from the camera and sensors does have limits—the personcannot be facing 180 degrees from the camera and sensor. In someimplementations, a divergence of greater than about 45 degrees mayrender facial recognition unreliable. Together, these factors mean thatthere will be a relatively short interval during which a face must befound and recognized in order to permit “in the flow” permissioning.

The final user experience target is “In the flow”. The user does nothave to be aware there is an identity control during normal operation.When a user is approaching the door, if he is recognized andauthenticated, the door is unlocked and no additional user interactionis required. If not, the user interface will request the user to badgein. FIG. 23 provides a simplified representation of the setting.

A potential entrant 2302 walks toward facial recognition module 500,which is mounted on the wall near an access-controlled door (not shown).The cameras and sensors mounted on facial recognition module 500 eachhave a specific field of view 2308. The capabilities of facialrecognition module 500 are partially dependent on the distance betweenpotential entrant 2302 and facial recognition module 500. When potentialentrant 2302 enters the region defined by field of view 2308 and therange at which RGB camera 502 is capable of capturing potential entrant2302 with sufficient resolution 2310, facial recognition can begin. Whenpotential entrant 2302 approaches further, and reaches the regiondefined by field of view 2308 and the range at which infrared sensorsxxx are capable of capturing potential entrant 2302 with sufficientresolution 2312, anti-spoofing processing can begin.

Unless done extremely efficiently, “in the flow” facial recognitionrequires considerable computational power, and requires processing alarge number of large image files. An aspect of the invention is amethod for optimization of the process of finding, tracking andidentifying faces in order to reduce computational load and thereby bothspeed up identification and make it possible to perform the requiredprocess using relatively inexpensive microprocessors.

The first method is checking the distance of the user to the sensor. Ifthe sensor is far away from the person, the data accuracy will bereduced. Second method is checking if the face depth map fits a plane orif there are any 3D variations in it. Third method measures multiplephysical angles between both sides of the face and uses this angle valueto determine potential spoofs. A real face will be around 60 degreeswhen a piece of paper will be close to 180 degrees. Finally, anotherapproach is to analyze the 3D mapping of the face and compare it to ourfacial print dataset to determine if it matches a generalized facemodel. FIG. 24a through 24d presents visuals of those four mainparameters and methods, which can be run sequentially or in parallel.

In FIG. 24a , a person potentially seeking entrance to a restrictedaccess area gets close enough to facial image recognition module 500 fora useful image to be captured. In FIG. 24b , the person has approachedto within adequate range to perform facial recognition, and the facialrecognition program performs an initial evaluation to determine if ahuman face is being presented. In FIG. 24c , depth-based facialrecognition may be performed including measuring angles presented by thepresumed face. In FIG. 24d , the full 3-D map of the face in thecaptured image is compared to those in a previously collected facialimage database and/or to the two-dimensional image to confirm thatfeatures extracted from the 2D image correspond to features in the 3Dimage.

FIG. 25 is a high level flow chart illustrating the steps involved in anexemplary efficient facial recognition process. In step 2502, RGB cameraxxx captures an image of the entire field of view of RGB camera 502. Instep 2504, the captured image is analyzed—not (initially) for purposesof determining who is there, but simply to determine if the capturedimage includes a person, and if so, where in the captured image theperson is. This is a computationally simpler task, and can be completedrelatively quickly. This step can consist of searching for a face, or itcan consist of searching for a shape likely to be human body. In step2506 it is determined whether or not a person appears to be present. Ifno face or body is detected then the process loops until a face isdetected. When a person is detected, the region of interest, or theportion of the field of view that contains the image of interest (theface) is defined in step 2508. This region can be of virtually anyappropriate size. In the currently preferred embodiment, it can be assmall as 120 pixels by 120 pixels. In step 2510, a subsequent RGB imageis captured, and the image region defined in step 2406 is analyzed todetermine if the person has moved, and if so, in step 2512 the amount ofmovement is estimated. This process can be computationally intensive, sothe load on the processor is reduced by limiting the analysis to thepreviously defined region, or a region slightly larger to accommodatepotential motion. If the person is determined to have moved in 2514,then in step 2516 the defined region of interest is adjustedaccordingly. A variety of techniques may be used to track one or moreobjects of interest. One such method is known as Kalman Filtering. Thisapproach uses a series of measurements observed over time, which maycontain inaccuracies such as noise and other errors, and producesestimates of unknown variables or states. A dynamic model is createdthat, based on a set of initialized states, compares the predictedoutput of the model to the actual measurement of the object of interest.The delta, or difference, between the measured value and the predictedmodel is used to adjust the model state values. In this way the objectis “tracked”. However a variety of methods can be used to detectmovement and track changes in the region of interest. In step 2518 thedefined image region is processed in order to recognize the capturedfacial image. In step 2520 it is determined whether the systemrecognizes the analyzed face. If the face is not recognized, then steps2510 through 2518 are repeated. If the face is recognized, then in step2522 the images captured by the IR sensors are analyzed. Tracking maycontinue the entire time a given human figure is within view of thecamera and sensors. The system may also attempt to locate a person whohas moved out of view of the camera and sensors for a period after thelast “sighting,” and attempt to match images taken before the “dropout”with those take after.

It should also be noted that the processes described herein may in somecircumstances exceed the capabilities of processor 510 if pursuedsimultaneously. It may therefore be advantageous to provide the systemwith heuristics that prioritize tasks so that less essential tasks canbe skipped. Thus for example, if the system is tracking multiple peopleapproaching an access point, various processing steps may have to beperformed on only every 2^(nd) or 3^(rd) captured image of each person,rather than on all captured images.

In step 2524 the images captured by the infrared sensors are analyzed todetermine whether the image is an actual person, or a spoofed image suchas a printed photograph or tablet computer. As in step 2508 above, theanalysis of the infrared images is restricted to the defined image areain order to reduce computational load. If the analysis of the infraredimages determines that the captured image is not spoofed, then in step2526 the positive and validated identification is passed forward, eitherto trigger unlocking of the door or otherwise. If the image isdetermined to have been spoofed, then in step 2528 no action is taken tounlock the entrance. In addition, in certain implementations the systemmay send a notification of the spoof attempt, record the imagesassociated with the step, or both.

FIG. 26 illustrates an exemplary optimization method that can be used bythe subject invention to reducing processing load by restricting theportion of the captured image to be analyzed. Once a human form 2602 hasbeen found, and a face 2604 has been located, region of interest 2606 isdefined such that it includes the located face plus a margin of error,to make it more likely that, even if the subject is moving, the nextcaptured image will still contain most or all of the face.

Alternatively, the invention can used to detect an area of an imagelikely to contain human skin, and based on the assumption that a facewill generally be located somewhere above that area of skin, focusefforts to locate a face in that region.

In another embodiment, the invention also comprises methods forpreventing unauthorized persons from entering a controlled space byfollowing an authorized person, also known as “tailgating.” Tailgatingis a way of gaining entrance to a restricted area by walking in behindan authorized person (whether or not the authorized person is awaresomeone is behind them). Social conventions tend to pressure theauthorized person to hold the door open to be polite, even if they arenot sure they even know the person behind them, thereby enabling anunauthorized entry.

Because the facial recognition module is capable of detecting multiplepotential entrants simultaneously, an aspect of the subject invention isthat it can significantly reduce or even eliminate the possibility oftailgaters entering a controlled space. FIG. 27 illustrates how thesubject invention can be used to detect multiple potential entrantssimultaneously. Facial recognition module xxx may find multiple humans2702 a, 2702 b through 2702 n in the vicinity of the controlled accesspoint. Image processing permits the facial recognition module 500 todetect each such human form, their associated faces 2704 a, 2704 bthrough 2704 n, and define regions of interest 2706 a, 2706 b through2706 n.

Once the system has determined that multiple potential entrants are inthe vicinity of the controlled access point, the appropriate action tobe taken can be set by policy. For example, if multiple people areapproaching an access point and one of them is not authorized, or if oneperson's face is not visible to the facial recognition module, dependingon policy, the door can be kept locked until everyone is authorized, orby asking for a second method of authentication, or an alert can betriggered. Other potential options are to open the door and notifysecurity, to keep a log of each such unauthorized person (and admit bothpeople, or not), or to admit the unrecognized person or persons and givethe unrecognized person a timed window (of an number of minutes)—enoughtime to check-in and obtain permission to enter in another form, such asfrom an attendant in a lobby. If the unrecognized person does not do sowithin the permitted interval, a notification can be sent to buildingsecurity or another designated responder.

Receiving real-time authentication data from a single or multipleconnected units, it is up to the administrator's policy to decide how toenforce physical access control and notifications based onanti-tailgating. For example, if multiple people are approaching anaccess point and one of them is not authorized, depending on policy, thedoor can be kept locked until everyone is authorized, by asking for asecond method authentication. The admin has the option to also open thedoor and notify security, keep a log of the unauthorized person or givethat person a timeout of 5 minutes, enough time to check-in at thelobby. If this action is not completed, a notification is sent.

Real world use case of the technology includes multiple people approachand authentication. The technology handles this by processing allincoming pictures simultaneously. Each face is processed as a separatedinput and prediction is generated before the group reaches the door.

FIG. 28 is a flowchart describing high-level exemplary steps that may beused to determine the appropriate action when multiple potentialentrants are detected. In step 2802, the RGB camera captures an image.In step 2804, processor 510 analyzes the image. If in step 2806 only oneperson is found in the image, then the anti-tailgating process loopsback to step 2802. If facial recognition module 500 determines that morethan one person is within a specified distance from the entry point,then the anti-tailgating process continues, and in step 2808 it isdetermined whether all persons determined to be within the defineddistance have been identified. If all persons determined to be withinthe defined distance have not been identified, then in step 2810, thesystem performs the previously specified anti-tailgating response.Potential anti-tailgating responses may include one or more of: notunlocking the access point until any unidentified persons have left thespecified area; unlocking the access point, but triggering an alert, orlogging the tailgating event, either when denying entry or afterallowing it.

If all persons within the defined distance have been identified, then instep 2812 it is determined whether all of those persons have therequisite permission to access the controlled entrance. If they do, thenin step 2814, the access point is unlocked. If not all persons have therequisite permission, then in step 2816, the system performs thepreviously specified anti-tailgating response. Potential anti-tailgatingresponses may include one or more of: not unlocking until anyunidentified persons have left the specified area; unlocking the accesspoint, but triggering an alert, or logging the tailgating event, eitherwhen denying entry or after allowing it.

FIG. 29 presents options that can be followed in the event tailgating isdetected. If a tailgater is detected 2902 following an authorizedperson, a definable administrative policy can automate one or more ofunlocking the door 2904 (or not unlocking it), notifying anadministrator or building security 2906, and logging the time of theevent 2908.

Another aspect of the invention is the process for generating,evaluating and storing useful images of potential admittees in order toimprove accuracy and reduce friction. In a real sense, a facialrecognition system does not actually recognize faces; it simply confirmsor rejects the possibility that the image it is evaluating is a “closeenough” match to one or more images stored in a library of images. Thusit is very important to curate that library in order to ensure that itcontains high-quality images that will best support the evaluationprocess. When a priority for the access control system is to enableauthorized admittees to minimize interaction with the system that meansthat the system will ideally be capable of validating users even if theyare not facing the camera and sensors, or if their features arepartially blocked by clothing, glasses, facial hair, etc.

Facial recognition requires a lot of pictures of the same user to beefficient. This proposal replaces traditional biometric registrationprocess with learning through the normal user badging process. Eachperson receives a badge and uses the system like a traditional badgecontrolled access point. The first time the user badges in by the door,multiple facial scans are stored in the system and a new 3D face modelis built. The badge number is binded to the facial data. The systemoutputs a badge number as normal When the system has enough data to havea high confidence on the recognition, it will recognize the user withenough precision and the badging will not be required any more. Usuallythis method requires one badging interaction. This approach removes allregistration and setup steps which are time consuming. In addition, allfacial data captured and stored will be under the normal usageconditions which would provide better facial recognition accuracy.

The facial recognition method uses previously stored RGB, infrared, anddepth pictures of the same person to generate the model for matching.The model and the recognition accuracy is also improved over time aseach user uses the system more. This training throughout several daysallows the system to become robust to personal and external changes.

Here is a non-exhaustive list of the fluctuating parameters which areaffecting the recognition accuracy but improved with continuouslearning:

Clothes

Makeup

Haircut and beard (hiding one portion of the face)

Facial expression (tired, smiling . . . )

Position of the face compared to the module (right, left angled, portionhidden by something else)

Distance from the module

Speed of the person

Movement

Lighting conditions

FIG. 30 illustrates how a library of images increases the likelihood ofcorrect facial identifications. When an unidentified person 3002approaches a facial recognition module, at least one image is captured.Assuming that the captured image or images are “good enough,” and thatthe person presents a badge 3004, facial recognition module 500 comparesthe captured image to stored images 3006 a, 3006 b, 3006 c through 3006n associated with that badge number. The more images the systemaccumulates, particularly including a variety facial expressions and ofangles relative to the camera and sensors, the better the chances ofaccurate identification. The higher the quality of the images the systemaccumulates—that is images in which most or all of the face is visible,well lit, and generally facing toward the camera, the better the chancesof accurate identification. The system will keep learning the person'sface even if the person is fully enrolled. This continuous learningimproves accuracy because someone's appearance changes over the time.

In another embodiment, the invention also comprises systems and methodsfor coordinating and sharing data regarding authorized entrants acrossmultiple devices and multiple entry points. In a multi-entrance contextsuch as a building or campus with multiple entry points, a user maygenerally use a single entry point, and thus that entry point mayaccumulate a large number of images of that user. When that userapproaches a different access point (assuming it is also a permittedentry point), that user will expect the system to recognize her. Thiscan be accomplished by sharing images (or the metadata extracted fromthem) between access points.

The proposed technology can be deployed self-contained or connected tomultiple units. One of its key features is synchronized learning withina group. Groups can be configured and defined based on the company,facility, location, etc. All data recorded at any of these access pointswithin the group using the technology will be aggregated and shared toprovide a more complete dataset of face models. If a person isregistered and recognized at a door, all other doors within the samegroup will be able to recognize him without additional learning.

FIG. 31 illustrates an exemplary method that can be used to sharerecognized faces among multiple access points. In step 3106, metadata isextracted from image 3102 and paired with user ID 3104. The metadata mayinclude, but is not limited to characteristic facial landmarks, angles,skin luminosity, etc. In step 3108 the metadata is evaluated forquality, so that only information that will likely be useful for futurerecognition interactions is shared. If the extracted metadata is ofinsufficient quality, then in step 3110 the process ends. If theextracted metadata is of sufficient quality, then in step 3112 themetadata is transmitted to a server in the cloud, and in step 3114 thecloud server in turn sends the metadata to other relevant facialrecognition modules. (Relevant modules may be those located at otherentrances to the same building, other entrances within a campus, or maybe defined in another way.)

In step 3116 a receiving facial recognition module determines if thereceived metadata matches the environmental conditions affecting thereceiving module. For example, if the metadata was generated from animage captured in bright sunshine, creating a very high-contrast imagewith deep shadows, and the receiving module is located indoors wherelighting is always even, producing low contrast, the received metadatamay not increase the accuracy of recognition by the receiving module. Ifthe environmental conditions are similar enough, then in step 3120, themetadata is saved by the local unit. If not, then in step 3122, theprocess ends without saving.

Another challenge for an access control system that is designed tominimize friction and required interaction may arise in a context inwhich multiple access-controlled doors are relatively close together,such as in a hallway. In some contexts, it will be inappropriate orprohibited to simply open all such doors when a person who is to bepermitted access to only one of those doors approaches. Opening multipledoors unnecessarily may also create security vulnerabilities—a personnot in view of the facial recognition module may be able to enterundetected. In another embodiment, the invention also comprises systemsand methods for determining, in the case of a location with a pluralityof separately controlled entry points, which of those entry points auser seeks to enter. By capturing and analyzing the trajectory and gazeof the potential entrant, the subject invention may be used to predictthe door the users seeks to enter, and unlock only that door. FIG. 32 isa flowchart describing the steps of a high level exemplary method forselecting which of multiple doors should be opened.

In step 3202 an image of the potential entrant is captured, and in step3204, the image is processed. (In an actual implementation, a series ofimages will be captured and analyzed, but for simplicity a single imagecapture is described.) In step 3206 the trajectory of the potentialentrant is calculated; in step 3208 the gaze of the potential entrant isanalyzed. In addition to these steps, the direction in which thepotential entrant is facing may be analyzed, and other indicators ofintent may be detected. In step 3210 these inputs are used toextrapolate the likely door the person is approaching.

Separately, the detected face is used to perform facial recognition 3212as described previously. In step 3214, it is determined whether theidentified person is authorized to enter the door the person isapproaching. If so, then in step 3216, that door is unlocked. If not,then in step 3218 the process ends without unlocking a door.

In practice, it may be advisable to perform the predictive steps 3202through 3210 iteratively, so that the accuracy of the predictionimproves both with more data and as the user gets closer to the intendeddoor. When multiple people are in a multi-door environment, all of themmay be separately tracked, both for intent (in order to decide whichdoor or doors to open) and for anti-tailgating (to make sure onlyauthorized people enter each door).

A related problem for a facial recognition-based access control systemis that it will not always be the case that a person who is near anaccess-controlled entry point will actually intend to enter. People maycongregate near a doorway, sit outside or otherwise be in the vicinitywithout actually intended to enter. Thus it will be advantageous to beable to only open the access point if the recognized person manifests anintent to enter. In another embodiment, the invention also comprisessystems and methods for detecting whether a person in the vicinity of anentry point intends to enter.

The proposed technology is currently able to detect and recognize people3 meters from the sensor. This can be concerning if an authorizedindividual is walking in front of the entrance but not planning to goin. For example in a hallway, a person can pass several entrances beforegoing through one. Only intended doors must be unlocked for securityreasons.

The proposed module includes facial and eye analysis to detect if theperson is specifically gazing in the direction of the door. If thiscondition is met, the unlock mechanism will be activated. If gazetowards the general direction of the sensor is not detected, no actionis taken. The system combines the “in the flow” target by not asking theuser to do anything specific and the intent detection to unlock onlyrequested entrances.

FIG. 33 is a flowchart describing the steps of a high-level exemplarymethod for determining whether a person observed by a facial recognitionaccess control system intends to enter.

In step 3302 an image of the potential entrant is captured, and in step3304, the image is processed. (In an actual implementation, a series ofimages will be captured and analyzed, but for simplicity a single imagecapture is described.) In step 3306 the trajectory of the potentialentrant is calculated; in step 3308 the gaze of the potential entrant isanalyzed. In addition to these steps, the direction in which thepotential entrant is facing may be analyzed, and other indicators ofintent may be detected. In step 3310 these inputs are used to produce aprobability that the person intends to enter the access point.

Separately, the captured image is used to perform facial recognition3312 as described previously. In step 3314, it is determined whether theidentified person is authorized to enter the door the person isapproaching. If so, then in step 3316, that door is unlocked. If not,then in step 3318 the process ends without unlocking a door.

In practice, it may be advisable to perform the predictive steps 3302through 3310 iteratively, so that the accuracy of the predictionimproves both with more data and as the user gets closer to the intendeddoor.

In building security implementations that include multi-factorauthentication, such as systems that include both badge readers andfacial recognition modules, the subject invention can also be used todetect improper behaviors such as the use of an authorized badge by anunauthorized person, or an authorized person using a differentauthorized person's badge. A company may wish to restrict such practicesin order to prevent employees from giving their badges to anyone else,to keep accurate track of which of their employees are in a facility, orfor other reasons. Thus in another embodiment, the invention comprisesmethods for identifying people who attempt to enter a controlled spaceusing an improper badge. FIG. 34 is a flowchart illustrating anexemplary process for detecting when a valid badge is presented by aperson other than the person to whom the badge was issued.

In step 3402, facial recognition is initiated. In step 3404, analysis ofthe captured image is performed, and in step 3406 the analyzed image isused to attempt to identify the person. In step 3408, it is determinedwhether the person can be identified. If not, then in step 3410 theprocess ends. Separately, in step 3412 the presented badge is read andthe ID number is extracted.

In step 3420, the recognized face and badge number are compared. If theydo not match, then the process ends 3410 without unlocking the accesspoint. If they do match, then in step 3422 it is determined whether theidentified person is authorized to enter. If not, the process ends 3410without unlocking the access point. If the person is authorized, then instep 3424 the access point is unlocked to permit entrance.

Additional variations are possible, including taking different actionsdepending on the confidence in a given identification, and adding a“maybe” step in which a potential entrant is neither accepted norrejected, but has to provide additional input, such as providing betterimages by standing in front of facial recognition module 500.

The subject facial recognition system, like most or all neuralnetwork-based systems, requires training in order to develop thealgorithms used to perform as intended. This requires that a largenumber of images of faces be presented and analyzed. In the currentlypreferred embodiment, much of this training is to be performed whiledeveloping the system and prior to deployment in specific installations,thereby significantly reducing the ramp-up period in an actualdeployment.

In order to minimize both friction and inaccurate identifications, andto do so for people of a broad range of ethnicities, comprehensivelibraries of images are very useful.

When a person walks by the door, the proposed technology starts lookingfor similar profiles in the database. To reduce the processing time andcomplexity, several external parameters are used to decrease the numberof candidates. Here is a non-exhaustive list of possibilities:

Checking time: people are usually coming around the same hour and thoseprofiles will be checked first when someone is coming by in the sametime slot.

Recurrent groups: As people have routines, the proposed technology isalso

associating people who are usually coming together (same commute, teamgoing out for lunch time, etc.). Those “associated profiles” will alsobe checked with priority if one of those individuals approaches thephysical access point

To improve facial recognition, diverse pictures of millions of subjectsare needed, with annotations to correctly identify same and differentidentities. To do that, an aggregation tool needed to be built, whichdownloads pictures of faces from social websites.

This dataset provides good quality images of people from differentorigins. This is especially useful for facial recognition as many socialusers have multiple pictures on their profiles, which allows the datasetto annotate same identity automatically. The following section detailshow these pictures from different websites are clustered and processedto identify pictures of the same person and decrease redundancies foralgorithm training.

Traditional facial recognition methods are known to have higher accuracyon some types of faces while accuracy may decrease for others. In orderto increase facial recognition speed and accuracy, the authors needed tocollect millions of pictures from people from those specific ethnicorigins.

RGB images can be collected in bulk using the above tool. One importantrequirement is to have the pictures annotated by name or profile, toidentify faces correctly. If this information is not available, anothermethod for identification is the proposed clustering method. We willconsider that the dataset is preprocessed and includes only normalizedface pictures (RGB or grayscale). We don't know who the subject of thepicture is but we can assign person ID numbers. Annotation is theprocess of having a human review a captured image and associate an ID(name or badge number) with that image.

The technology for clustering is semi-automatic and aggregates allpictures from different origins to find reoccurrence of sameindividuals. Pre-processing is automatic and pictures with similar facesare collected into batches. An operator is required to confirm or rejectmatchings where the algorithm does not have high confidence. Thisefficient method is a good alternative to manually matching pictureswith manual human interaction, improving accuracy on the databasecontent before any post processing.

The process works in 3 steps: a) Process all pictures and automaticallylook for very close ones. As the similarity threshold is very high,confidence that the person is the same in a group is (several groups canhave pictures from the same person). We will call those groups of veryclose pictures “clusters”. FIG. 35 explains this automatic matching ofvery similar pictures.

Facial recognition module 500 (not shown) will collect a large number offacial images 3502. It would be very time-consuming for a human operatorto have to individual identify all of the pictures individually, even ifjust during initial training. Thus in an exemplary embodiment, facialrecognition module 500 may group those images into clusters 3504, 3506and 3508 based on a level of confidence that all of the images incluster 3504 are of one person, images in 3506 of a different person,and so on. This will permit a human operator helping to train the systemto identify a single image representing a cluster, and thus accomplishthe identification process more efficiently.

When all pictures are organized into clusters consisting of one or morepictures: b) Compare each cluster to all other clusters by comparingeach picture within the first cluster to all pictures from the othercluster and calculate the similarity confidence.

This process enables further simplification of the process by automatingthe merging of cluster when there is a high likelihood that two (ormore) clusters contain pictures of the same person.

FIG. 36 presents a visual explanation of this pairing method. Thus wherecluster 3602 contains a number of images determined to be all images ofthe same person, and cluster 3604 contains a number of images determinedto be all images of the same person, all of the images in both clusterscan be compared in order to estimate the degree of similarity betweenthe two clusters. If the degree of similarity is sufficiently high, thetwo cluster can be merged into a single larger cluster. This may beperformed automatically by facial recognition module 500, or may beassigned to a human operator, as described in FIG. 37 below.

For each cluster, rank all other clusters by their combined similarityconfidence (higher are more likely to include the same person). c)Display the current cluster and the first one in the similarity clusterslist to the operator. If the person is the same, clusters will bemerged. If not, we will propose the next cluster in the similaritybuffer. FIG. 19 is an example of a visual interface used. The usershould confirm or reject if the two clusters are the same person byclicking one of the proposed buttons.

FIG. 37 provides a View of a possible embodiment of the visual interfaceusing the proposed technology to evaluate person matching. The userinterface may present a representative image from an existing cluster ofimages 3702, as well as a representative image from a new cluster ofimages 3704. The human operator may then be prompted to mark theclusters as same 3706, different 3708, or to skip the matching process3710 if the human is unsure.

After X iterations (X is a number depending on the type of pictures andtime we want to spend), we will deduce this new cluster as a new personand assign a new cluster ID. If there is mismatch, same cluster or ifthe comparison is too ambiguous we have a third option to save ambiguousdata for more specific manual post processing.

Because of parallel processing and human error, another step isnecessary to increase again the accuracy in the database. After allprocessing, final post-processing will be operated on the database toremove again any potential person duplicates (same person identifiedwith different person IDs).

The process is identical to above: a) Build a cluster by extracting Yrandom pictures for each person ID in the dataset (Y to be decideddepending on the time we want to spend and target accuracy). Randomfactor is very important for better accuracy. b) For each generatedcluster, compare it to all other clusters and generate a list of similarclusters from higher similarity to lower one. c) For each cluster,consecutively display X closest clusters from the similarity list to theoperator. If one of them matches (same person displayed) person IDs willbe merged. If after X comparisons no identical person identity isdetected, we will consider this person cluster to be unique.

This allows for automatic processing of obvious results and humanvalidation of ambiguous ones. This dataset processing method allows agood accuracy on person id assignation and same person image clustering.All automatic clustering methods depend on a numerical threshold whichshould be adjusted depending on the type and quality of input data.Lower threshold will be more accurate but increase the manual processingtime, higher one will reduce manual intervention but also matchingaccuracy. Ethnic origins of the person can also be a factor forthreshold adjustment depending on what type of data was used to createand test the clustering function. If people characteristics are verydifferent from ones used to create the clustering method, results may beless accurate.

The dataset used in the proposed facial authentication technology alsoincludes pictures of people taken in real-world conditions. To match asmany common parameters of facial capture (picture quality, orientation,luminosity, size, distance . . . ), functional sensors needed to bedeployed at various location. The captured pictures have been aggregatedwith the existing dataset (already described in previous sections) andimprove the facial recognition database by adding depth data.

Previous sections described data collection for recognition pictures butAlcatraz AI also process fake data like paper faces and other spoofattempts to test and evaluate its anti-spoofing algorithms. This datasetalso request as much diversity as possible to be efficient.

To resolve this problem, Alcatraz AI developed a recording modulecapturing all coming by faces and added some features in the display tocreate a gamification around the spoofing part. The display is justshowing an enigmatic message like “Are you human?”. Those words andcolor indications encourage users to try several approaches to trick thesystem. Additional information and messages are displayed to guide theuser and show the progress.

Finally, those “game units” are positioned in strategic places liketechnical universities and facilities where people are more familiarwith this type of features. FIG. 38 gives examples of messages displayedby the gaming unit.

While it may be desirable to permanently install dedicated facialrecognition modules at access control points in many situations, theremay also be contexts in which an ad hoc access control point is desired.It may also be the case that facial recognition may be useful for otherpurposes for which more portable hardware is useful.

The following embedded module had been designed to provide a real-time3D sensing experience to mobile users, as shown in FIG. 39. This modulecontains an RGB and depth cameras (or IR sensors) pointing to the userand live streaming the captured video to the phone. This module alsocontains its own battery and power module. The specific embodiment ofmodule 3902 illustrated in FIG. 39 is intended to be used in connectionwith smart phones and/or tablets from Apple Corp., and features theproprietary Lightning connector 3904 included in many Apple products.Alternative implementations may use other connectors, such as a form ofUSB (Universal Serial Bus) in order to work with other smartphones ortablets, such as those using the Android operating system. Module 3902may also include one or more IR light sources and one or more IRsensors. Module 3902 may also include its own RGB camera, or may connectto the RGB camera or cameras already present in connected smart device3906.

The setup and provisioning of a building security system, especially asystem that includes multiple components that can be configured insoftware, can be a time-consuming and difficult process. Some systemshave required user to type alphanumeric codes into devices with limiteduser interfaces, or perform other precise tasks with limited feedback.Thus it is another object of the invention to provide a simpleprovisioning process that can be performed by people having a variety oflevels of technical skill. This object is provided by an aspect of thesubject invention that permits settings and other aspects of the setupprocess to be communicated to edge devices including facial recognitionmodules by presenting visually encoded information to be input via oneor more cameras on the device. One method of accomplishing this is topresent a portable device with a display, such as a tablet or smartphonewith a coded message, such as a barcode or QR code, so that it is seenby the edge device.

In one embodiment, When the system is first turned on, it entersconfiguration and setup mode automatically. In this mode, the system hasall connectivity disabled by default. The camera is enabled to acceptconfiguration input and the display is enabled to convey information.The administrator or installer may configure the unit using the includedapplication. The app is available on any smartphone and tablet device,as well as a web client. The app consists of step by step configurationwith explanation for each option. After the administrator or installerhas selected all the settings, the app encodes the configurationsettings into a barcode and displays them on the screen. At this point,the administrator or installer can present the barcode to the camera toeasily transfer and save all the selected settings to the system.

The system and related subscriptions are designed to work with andwithout internet connectivity. Without internet connectivity,subscription products can be managed and renewed via NFC and RFID.Before shipping each system to the customer, there can be created a setof special and unique NFC and RFID credentials for each systemrepresenting the annual subscription renewal. This set of subscriptionrenewal credentials are stored internally to the edge unit and arerecognized by that particular system. When the customer wants to renew asubscription for a system without internet connectivity, the customerwill be given a corresponding NFC or RFID renewal credential for thatyear. The customer may then present the credential to the system. Thesystem will read the credential and match against its internal recordsto update the subscription and expiration date accordingly.

In another embodiment, the invention also comprises a tool to enable anemployer to provide information about the morale and emotional health ofits employees. The technology required to recognize individual peoplecan also used to recognize indicators of the emotional state of thepeople being analyzed. Thus detecting smiles versus frowns and grimaces,laughing versus crying can all be used to inform management about theirworkforce as a whole, as well as potentially identify individuals whomight benefit from extra attention.

The technology proposed provides various information:

Number of people near the door

Distance for each person

Intent of each person based on head or eye gaze

The identity for each person if recognized

The anti-spoof result for each person (real or fake)

The proposed method uses facial recognition to grant access to incomingpeople. The authentication system also provides additional features likeautomatic personnel timekeeping without any manual check-in and emotiontracking. This is especially useful when comparison on individual versusdepartment, group or company is analyzed. For example, a performancereview of an employee can be correlated with his quarterly physicalpresence in the company and their emotional analysis for a more completeinsight into their profile and current work. Another example is when anotification is triggered if there is an outlier per companyconfiguration—a group of people working on a project experience longerworking hours correlated to lowered positive emotion levels throughoutweeks or months. The company can potentially hire help or delaydeadline. FIG. 40 gives an example of a visual presentation of the data.

Line 4002 illustrates an exemplary method to track the displayedemotional state of an individual who passes regularly through an accesspoint controlled by facial recognition module 500. Bar chart 4004illustrates an exemplary method to track the overall displayed emotionalstate of all of the people (or a subset thereof) moving through anaccess point controlled by facial recognition module 500.

Additionally, a company can track how employees react to an announcementpre and post the event by tracking their emotional behavior. The companycan time an event based on how the company's emotional level is ingeneral. This is presented in FIG. 41. Different facial expressions maybe recognized and associated with different emotional states. Thoseemotional states can be tracked over time, and changes in overallemotional states can be used to affect various company policies andinitiatives.

Another aspect of the invention that leverages the image recognitioncapabilities of the facial recognition module is to use a system ofencoded badges or stickers for purposes such as guest badges. Theauthentication platform is using image processing to grant access. Themain target is facial recognition but this tool can also be used torecognize any 1D or 2D barcodes. For guest recognition and access,custom name tags can be created with QR codes or barcodes. The persondoesn't have to be recognized by the system and access can be grantedfor a limited time.

This use case can give more liberty to guests and temporary employeesbut also avoid all tailgating alerts. It's also a way to track guestmovements by checking (for example) this person is always with arepresentative of the company.

Another aspect of the invention that leverages the image recognitioncapabilities of the facial recognition module is to use informationgenerated by the facial recognition modules to inform other systems,such as emergency response systems. In the event of fire, live shootersituations, earthquake, etc., an essential piece of information forfirst responders is knowledge of how many people are inside a buildingor critical area of a building. Since the technology intrinsically uses3D scanning with volumetric data to do facial authentication, it canalso recognize bodies even if no face is detected or recognized. This isespecially useful in case of emergency, when during evacuation, peoplecan be counted on the way out and an alert can be dispatched if amismatch is present between employees indoors versus employees outdoors.

In another embodiment, the subject invention may use facial recognitionto determine not (or not only) the identity of a given person, but toread that person's facial expressions as a user interface—that is, as ameans for interacting with a computer system.

In an embodiment, Authorized individuals are able to performadministrative tasks with their facial expressions. Main tracking pointsare mouth, eyes and global facial movements. FIG. 42 provides somedetail on how that is done.

When person 4202 approaches facial recognition module 500, and thatperson has been recognized as an authorized person through extraction ofperson 4202′s facial features, it is also possible for person 4202 totrigger actions based on facial expressions. Thus if person 4202 smiles,facial recognition module 500 recognizes smiling face 4204, and caninitiate an action that has been associated with a smile by that person,such as navigating among menu items; if person 4202 winks, facialrecognition module 500 recognizes winking face 4206, and can initiate anaction that has been associated with a wink by that person, such asselecting a menu item. Such expression-based actions can be the same forall users, or could be customized on a user-by-user basis.

Because security systems should be designed to prevent and detect a widevariety of methods of compromising them, it may be desirable toincorporate technologies inside the facial recognition module to detecta variety of forms of physical tampering. Thus in an embodiment of thesubject invention, the invention comprises additional components thatcan detect tampering with the system.

The physical anti-tampering functionality has two main purposes. First,the system is designed to protect the internally stored user andlocation data from being accessed. Second, the system's door unlockfunctionality will be automatically disabled via software to preventphysical access to the secured space. In an exemplary embodiment, Upondetecting a physical access attempt, the system will perform an alertaction and self-destruct. The notification can be configured to be anycombination of sound and alert messages via digital transmission. Theself-destructing action involves repeatedly erasing and overwritingsensitive user and location data regions within the internal flashstorage and any removable storage medias.

In an exemplary embodiment, The system consists of three main types ofphysical anti-tampering detection methods. Any combination of theanti-tampering detection methods may be configured and used depending onthe situation. First, in an exemplary embodiment the system has aninternal barometer (also known as pressure sensor) and a physicalstructure which prevents rapid pressure changes. The system softwaremonitors the barometer for rapid pressure changes via an interrupt. Thisantitampering method is designed to detect an intrusion involvingphysically breaking the casing of the system. For example, drilling intothe casing or cracking the casing.

Second, in an exemplary embodiment the system has an internal ambientlight sensor and a small light source between the wall mounting plateand the system casing. When installed, the light is emitted from thelight source, reflected from the wall mounting plate, and detected inthe ambient light sensor. The system software monitors for light levelchanges from the ambient light sensor via an interrupt. Thisanti-tampering method is designed to detect when the system has beenphysically removed from the wall.

Last, in an exemplary embodiment the system has an internalaccelerometer. When mounted on a wall, the system is expected to berelatively physically stable. The system software monitors for rapidacceleration via an interrupt. This anti-tampering method is designed todetect physical shock to the system such as being pried off by a crowbaror being hit by a hammer.

Another approach to sensing tampering is to monitor the image capturedby the camera and sensors. If, for example, the location of normallystationary objects changes, and especially if the location of all suchobjects move together, it can indicate that the facial recognitionmodule has been removed from its normal location.

Another aspect of the invention is the ability to operate in low-lightconditions. The infrared laser projector may, in some embodiments,project enough light under certain conditions to permit one or both IRsensors to capture a useful 2D image. This image may be used for facialrecognition in place of or in addition to RGB images when there isinsufficient light to permit the RGB camera to produce high-qualityimages.

The subject invention provides multiple benefits as compared to previousbuilding security technologies. FIG. 43 presents a comparison ofclassical access control methods and the proposed platform based onvarious criteria. This comparison is based on security, speed, ease ofuse and setup.

While particular embodiments of the present invention have been shownand described, it is apparent that changes and modifications may be madewithout departing from the invention in its broader aspects and,therefore, the invention may carried out in other ways without departingfrom the true spirit and scope. These and other equivalents are intendedto be covered by the following claims:

What is claimed is:
 1. A system for controlling access to a physicalspace comprising: a facial recognition module comprising at least avisible light camera, a sensor capable of detecting infrared light, aprocessor, and memory; an access control panel comprising at leastcomponents capable of sending a signal to at least an electronicallyunlockable access control mechanism and receiving a signal from thefacial recognition module; a list comprising a plurality of uniqueidentifiers of authorized entrants at the controlled access point, wheresaid list is accessible to the access control panel; wherein the facialrecognition module is configured to detect whether at least a person isin the vicinity of the controlled access point prior to tracking oridentifying that person; wherein the facial recognition module isconfigured to define a region of interest within the captured image,such that the region of interest includes the detected person; whereinthe facial recognition module is further configured to track themovement of at least a detected person, and to adjust the region ofinterest based on that movement; wherein the facial recognition moduleis further configured to perform facial recognition by at leastprioritizing the region of interest, and associating at least arecognized face with the correct unique identifier for that face;wherein the facial recognition module is configured to transmit to theaccess control panel the unique identifier associated with therecognized face to the access control panel; and wherein the accesscontrol panel is configured to transmit a signal to at least theelectronically unlockable access control mechanism to enable access tothe building or controlled space.
 2. The system as in claim 1 in whichthe facial recognition module comprises at least an indicator lightwhich is illuminated if the access control mechanism is unlocked by thefacial recognition module.
 3. The system as in claim 1 in which thefacial recognition module comprises a badge reader.
 4. The system as inclaim 1 in which the facial recognition module is connected to thecentral processor by at least a pair of wires.
 5. The system as in claim1 in which the facial recognition module contains at least a visiblelight camera capable of capturing images that are at least 1080 by 720pixels in size.
 6. The system as in claim 1 in which the facialrecognition module contains at least an infrared light sensor capable ofcapturing images that are at least 640 by 480 pixels in size.
 7. Thesystem as in claim 1 in which the facial recognition module contains aplurality of infrared light sensors, each of which is capable ofcapturing images that are at least 640 by 480 pixels in size.
 8. Thesystem as in claim 1 in which the facial recognition module includes astructured light source.
 9. The system as in claim 1 in which the listcomprising a plurality of authorized entrants at the controlled accesspoint is maintained on the access control panel.
 10. The system as inclaim 9 in which the facial recognition module contains at least avisible light camera capable of capturing images that are at least 1080by 720 pixels in size and at least a plurality of infrared lightsensors, each of which is capable of capturing images that are at least640 by 480 pixels in size.
 11. A method for controlling access to abuilding or other physical space comprising: capturing at least a firstvisible light image with at least a camera mounted in a facialrecognition module located near a controlled access point to thebuilding or other access-controlled physical space and to analyze thevisible light image to detect whether at least a person is in thevicinity of the controlled access point prior to tracking or identifyingthat person; defining a region of interest within the captured image,such that the region of interest includes the detected person; trackingthe movement of at least a detected person, and to adjust the region ofinterest based on that movement; capturing at least a first infraredimage from an infrared sensor mounted in the facial recognition module,where said first infrared image is captured subsequent to the capture ofthe first visible light image; providing at least a first badge readerat a first entrance to the building or other physical space; performingfacial recognition using at least said visible light image and saidinfrared image on a person who presents a badge to one of the badgereaders; wherein the facial recognition prioritizes the region ofinterest; wherein the facial recognition module transmits a signal tothe access control panel indicating that the facial recognition modulehas identified the detected person as authorized to enter; and whereinthe access control panel transmits a signal to at least theelectronically unlockable access control mechanism to enable access tothe building or other physical space.
 12. The method as in claim 11 inwhich the facial recognition module comprises a badge reader.
 13. Themethod as in claim 11 in which the facial recognition module contains atleast a visible light camera capable of capturing images that are atleast 1080 by 720 pixels in size.
 14. The method as in claim 11 in whichthe facial recognition module contains at least an infrared light sensorcapable of capturing images that are at least 640 by 480 pixels in size.15. The method as in claim 11 in which the facial recognition modulecontains a plurality of infrared light sensors, each of which is capableof capturing images that are at least 640 by 480 pixels in size.
 16. Themethod as in claim 11 in which the facial recognition module contains atleast a visible light camera capable of capturing images that are atleast 1080 by 720 pixels in size and at least a plurality of infraredlight sensors, each of which is capable of capturing images that are atleast 640 by 480 pixels in size.
 17. The method as in claim 11 in whichthe facial recognition module further comprises an infrared lightsource.
 18. The method as in claim 17 in which said infrared lightsource projects structured light.
 19. The method as in claim 11 in whicha list comprising a plurality of authorized entrants at the controlledaccess point is maintained on an access control panel connected to atleast the facial recognition module.
 20. The method as in claim 19 inwhich the facial recognition module is connected to the access controlpanel by at least a pair of wires.